Platform: other
Component: hcl-mycloud
Fixed in: 10.8.2
CVE-2024-30150 describes an Improper Access Control vulnerability within HCL MyCloud. This flaw allows unauthenticated users to escalate privileges, potentially leading to severe consequences such as information disclosure, Server-Side Request Forgery (SSRF), and Denial of Service (DoS) attacks. The vulnerability impacts version 10.8.1, and a patch is available in version 10.8.2.
The Improper Access Control vulnerability in HCL MyCloud allows unauthenticated attackers to bypass security controls and gain elevated privileges. This can manifest in several ways. An attacker could potentially read sensitive configuration files or user data, leading to information disclosure. Furthermore, the vulnerability opens the door to SSRF attacks, where the attacker can trick the server into making requests to internal or external resources, potentially exposing internal services or data. Finally, the attacker could launch a DoS attack, disrupting the availability of the MyCloud service. The lack of authentication required to exploit this vulnerability significantly broadens the attack surface.
CVE-2024-30150 was publicly disclosed on February 25, 2025. The vulnerability's ease of exploitation, combined with the potential for significant impact (information disclosure, SSRF, DoS), suggests a medium probability of exploitation. Currently, there are no publicly available proof-of-concept exploits. The vulnerability is not listed on the CISA KEV catalog as of this writing.
EPSS: 0.16% (37th percentile)
The primary mitigation for CVE-2024-30150 is to upgrade HCL MyCloud to version 10.8.2 or later, which contains the fix for the Improper Access Control vulnerability. If an immediate upgrade is not feasible, consider implementing temporary workarounds. Restrict network access to the MyCloud service using a Web Application Firewall (WAF) or proxy to block suspicious requests. Review and tighten access control policies to minimize the potential impact of a successful exploit. Monitor system logs for unusual activity, particularly requests originating from unauthenticated users.
Upgrade HCL MyCloud to a version later than 10.8.1 that contains the fix for the privilege escalation vulnerability. See the HCL knowledge base article for specific upgrade instructions and the fixed versions: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119368
CVE-2024-30150 is an Improper Access Control vulnerability in HCL MyCloud allowing unauthenticated users to escalate privileges, potentially leading to information disclosure, SSRF, and DoS. It has a MEDIUM (5.3) severity.
You are affected if you are running HCL MyCloud version 10.8.1. Upgrade to 10.8.2 to resolve the vulnerability.
Upgrade HCL MyCloud to version 10.8.2 or later. As a temporary workaround, restrict network access and monitor system logs.
As of now, there are no confirmed reports of active exploitation, but the vulnerability's potential impact warrants immediate attention.
Refer to the official HCL security advisory for detailed information and remediation steps. Check the HCL Support website for the latest updates.