CVE-2024-23554

5.7 MEDIUM

📋 TL;DR

This CVE describes a Cross-Site Request Forgery vulnerability affecting session tokens in HCL software. If exploited, attackers could trick authenticated users into performing unintended actions, potentially leading to remote code execution. Organizations using affected HCL products are at risk.

💻 Affected Systems

Products:
  • HCL software products (specific products not detailed in provided references)
Versions: Specific versions not detailed in provided references
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability affects systems with web interfaces where session tokens are used for authentication.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with full system compromise, allowing attackers to execute arbitrary commands, access sensitive data, or take control of affected systems.

🟠 Likely Case

Unauthorized actions performed by authenticated users, potentially leading to data manipulation, privilege escalation, or limited system access.

🟢 If Mitigated

Minimal impact with proper CSRF protections, input validation, and network segmentation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires tricking an authenticated user into visiting a malicious website or clicking a crafted link.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to vendor advisory for specific patched versions

Vendor Advisory: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113140

Restart Required: Yes

Instructions:

1. Review vendor advisory KB0113140.
2. Download and apply the appropriate patch for your product version.
3. Restart affected services.
4. Verify the patch was applied successfully.

🔧 Temporary Workarounds

Implement CSRF Tokens (applies to: all)

Add anti-CSRF tokens to all state-changing requests.

SameSite Cookie Attribute (applies to: all)

Set the SameSite=Strict or SameSite=Lax attribute on session cookies.
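The two workarounds above, shown together as an added example (this is not HCL's code and says nothing about how the affected products implement sessions): a per-session synchronizer token that every state-changing request must echo back, checked with a constant-time comparison, plus a session cookie issued with SameSite=Lax so the browser withholds it on cross-site form posts. The origin value, the session dictionary and the request shapes are assumptions for illustration.

```python
"""Added example, not HCL's code: a synchronizer-token CSRF check plus a
SameSite session cookie, in plain Python. The allowed origin and the
request/session shapes are assumptions for illustration."""
import hmac
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Assumed site origin; a real deployment would read this from configuration.
ALLOWED_ORIGIN = "https://app.example.test"
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def session_cookie_header(session_id: str) -> str:
    """Build a Set-Cookie value with SameSite=Lax, Secure and HttpOnly."""
    jar = SimpleCookie()
    jar["session"] = session_id
    jar["session"]["samesite"] = "Lax"   # browser omits the cookie on cross-site POSTs
    jar["session"]["secure"] = True
    jar["session"]["httponly"] = True
    jar["session"]["path"] = "/"
    return jar.output(header="").strip()


def issue_csrf_token(session: dict) -> str:
    """Mint a per-session token; the server embeds it in the forms it renders."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def _same_origin(url: str) -> bool:
    got, want = urlsplit(url), urlsplit(ALLOWED_ORIGIN)
    return (got.scheme, got.netloc) == (want.scheme, want.netloc)


def check_request(method: str, headers: dict, form: dict, session: dict):
    """Return (allowed, reason) for one request against its server-side session."""
    if method.upper() not in STATE_CHANGING:
        return True, "safe method"
    expected = session.get("csrf_token")
    if not expected:
        return False, "no csrf token bound to session"
    supplied = form.get("csrf_token") or headers.get("X-CSRF-Token")
    if not supplied:
        return False, "csrf token missing"
    # Constant-time comparison so timing does not leak the expected token.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False, "csrf token mismatch"
    # Defence in depth: when the browser sent Origin or Referer, it must be ours.
    source = headers.get("Origin") or headers.get("Referer")
    if source and not _same_origin(source):
        return False, "origin mismatch"
    return True, "ok"


if __name__ == "__main__":
    session = {"user": "alice"}
    token = issue_csrf_token(session)
    print(session_cookie_header("s3ss10n"))
    # A form post from the site's own page carries the token.
    print(check_request("POST", {"Origin": ALLOWED_ORIGIN}, {"csrf_token": token}, session))
    # A cross-site form post can carry the cookie but cannot know the token.
    print(check_request("POST", {"Origin": "https://other.example.test"}, {}, session))
```

The token check is the control that actually decides; the Origin/Referer comparison is a secondary check because browsers omit those headers in some configurations, which is why an absent header is tolerated and only a present, foreign one is rejected.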

🧯 If You Can't Patch

  • Implement web application firewall rules to block CSRF attempts
  • Restrict network access to affected systems and implement strict authentication controls

🔍 How to Verify

Check if Vulnerable:

Check if your HCL product version matches affected versions listed in vendor advisory KB0113140

Check Version:

Vendor-specific command (consult product documentation)

Verify Fix Applied:

Verify the patch installation with the vendor-specific verification commands, then test that CSRF protections are enforced on state-changing requests.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected state-changing requests from authenticated users
  • Multiple failed authentication attempts followed by successful CSRF

Network Indicators:

  • Requests lacking CSRF tokens
  • Requests with mismatched referer headers

SIEM Query:

source="web_logs" AND (csrftoken="missing" OR referer="malicious_domain")
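The log and network indicators listed above, turned into a small detector as an added example (not HCL's code, and not tied to any HCL log format): it reads JSON-lines web log records and flags state-changing requests that either lack an anti-CSRF token or arrive with a Referer from a foreign host. The record schema (one line per request, with a boolean recording whether a token was present), the application host and the sample records are all constructed for this illustration.

```python
"""Added example, not HCL's code: a detector for the CSRF indicators above,
run over constructed JSON-lines web log records. The log schema and the
application host are assumptions."""
import json
from urllib.parse import urlsplit

APP_HOST = "app.example.test"  # assumed host of the protected application
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed sample records, not real traffic.
SAMPLE_LOG = """\
{"ts": "2024-02-01T10:00:01Z", "user": "alice", "method": "GET", "path": "/profile", "referer": "https://app.example.test/home", "csrf_token_present": false}
{"ts": "2024-02-01T10:00:05Z", "user": "alice", "method": "POST", "path": "/profile/email", "referer": "https://app.example.test/profile", "csrf_token_present": true}
{"ts": "2024-02-01T10:01:12Z", "user": "alice", "method": "POST", "path": "/admin/users", "referer": "https://forum.example.net/thread/42", "csrf_token_present": false}
{"ts": "2024-02-01T10:01:13Z", "user": "bob", "method": "DELETE", "path": "/documents/7", "referer": "", "csrf_token_present": false}
"""


def csrf_indicators(log_text: str) -> list:
    """Return one finding per state-changing request that matches an indicator."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec["method"].upper() not in STATE_CHANGING:
            continue  # reads should not change state, so they are out of scope here
        reasons = []
        if not rec.get("csrf_token_present"):
            reasons.append("missing csrf token")
        referer = rec.get("referer") or ""
        # An absent Referer is common (Referrer-Policy, privacy settings) and is
        # not flagged on its own; a present Referer from another host is.
        if referer and urlsplit(referer).hostname != APP_HOST:
            reasons.append("referer host mismatch")
        if reasons:
            findings.append({"ts": rec["ts"], "user": rec["user"],
                             "method": rec["method"], "path": rec["path"],
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in csrf_indicators(SAMPLE_LOG):
        print(f["ts"], f["user"], f["method"], f["path"], ", ".join(f["reasons"]))
```

On the sample records the GET is skipped, the token-bearing POST from the site's own page passes, the POST referred from the forum host is flagged on both indicators, and the DELETE with no Referer is flagged only for the missing token. A token-less state-changing request is the stronger signal; a foreign Referer by itself can also be a legitimate link followed by a user, so it is best treated as corroboration rather than as an alert on its own.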
