{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-30128","assignerOrgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","state":"PUBLISHED","assignerShortName":"HCL","dateReserved":"2024-03-22T23:57:23.589Z","datePublished":"2024-09-25T14:42:53.930Z","dateUpdated":"2024-09-25T15:34:19.530Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Nomad server on Domino","vendor":"HCL Software","versions":[{"status":"affected","version":"<1.0.13"}]}],"datePublic":"2024-09-25T14:35:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address.  This may enable an attacker to trick the user into exposing sensitive information."}],"value":"HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address.  This may enable an attacker to trick the user into exposing sensitive information."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.6,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL."}]}],"providerMetadata":{"orgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","shortName":"HCL","dateUpdated":"2024-09-25T14:42:53.930Z"},"references":[{"url":"https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0115504"}],"source":{"discovery":"UNKNOWN"},"title":"An open proxy vulnerability affects HCL Nomad server on Domino","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-441","lang":"en","description":"CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')"}]}],"affected":[{"vendor":"hcltech","product":"nomad_server_on_domino","cpes":["cpe:2.3:a:hcltech:nomad_server_on_domino:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"1.0.13","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-25T15:27:27.770959Z","id":"CVE-2024-30128","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-25T15:34:19.530Z"}}]}}