Platform: other
Component: hcl-mycloud
Fixed in: 10.8.2
CVE-2024-30150 describes an Improper Access Control vulnerability within HCL MyCloud. This flaw allows unauthenticated users to escalate privileges, potentially leading to severe consequences such as information disclosure, Server-Side Request Forgery (SSRF), and Denial of Service (DoS) attacks. The vulnerability impacts versions 10.8.1 through 10.8.1, and a patch is available in version 10.8.2.
The Improper Access Control vulnerability in HCL MyCloud allows unauthenticated attackers to bypass security controls and gain elevated privileges within the system. This could enable attackers to access sensitive data, modify configurations, or even execute arbitrary code on the server. The potential for SSRF means an attacker could leverage the MyCloud instance to make requests to internal or external resources, potentially compromising other systems. The DoS potential allows attackers to disrupt service availability, impacting users and business operations. Successful exploitation could lead to a complete compromise of the MyCloud environment, depending on the system's configuration and access controls.
CVE-2024-30150 was publicly disclosed on February 25, 2025. The vulnerability's severity is rated as MEDIUM (5.3) by CVSS. Currently, there are no known public exploits or active campaigns targeting this vulnerability. It is not listed on the CISA KEV catalog at the time of writing. The potential for SSRF exploitation warrants close monitoring.
Organizations utilizing HCL MyCloud versions 10.8.1 through 10.8.1, particularly those with exposed MyCloud instances or those lacking robust network segmentation, are at significant risk. Shared hosting environments where multiple tenants share the same MyCloud instance are also particularly vulnerable.
disclosure
Exploit status
EPSS: 0.16% (37th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-30150 is to upgrade HCL MyCloud to version 10.8.2 or later, which contains the fix for this vulnerability. If an immediate upgrade is not possible, consider implementing temporary workarounds such as restricting network access to the MyCloud instance, implementing stricter authentication controls, and monitoring for suspicious activity. Review and tighten access control lists to limit the potential impact of a successful exploit. Implement a Web Application Firewall (WAF) with rules to detect and block attempts to exploit improper access control vulnerabilities. After upgrading, confirm the fix by attempting to access privileged resources without authentication and verifying access is denied.
Upgrade HCL MyCloud to a version later than 10.8.1 that contains the fix for the privilege escalation vulnerability. See the HCL knowledge base article for specific upgrade instructions and the fixed versions: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119368
CVE-2024-30150 is an Improper Access Control vulnerability in HCL MyCloud allowing unauthenticated users to escalate privileges, potentially leading to information disclosure, SSRF, and DoS. It has a MEDIUM (5.3) severity.
You are affected if you are running HCL MyCloud versions 10.8.1–10.8.1. Upgrade to 10.8.2 to resolve the vulnerability.
Upgrade HCL MyCloud to version 10.8.2 or later. As a temporary workaround, restrict network access and monitor system logs.
As of now, there are no confirmed reports of active exploitation, but the vulnerability's potential impact warrants immediate attention.
Refer to the official HCL security advisory for detailed information and remediation steps. Check the HCL Support website for the latest updates.