CVE-2024-30154

5.3 MEDIUM

📋 TL;DR

HCL SX has a cross-site request forgery (CSRF) vulnerability that allows attackers to trick authenticated users into performing unauthorized actions on their behalf. This affects all users of vulnerable HCL SX installations who access the application through a web browser.

💻 Affected Systems

Products:
  • HCL SX
Versions: All versions prior to 12.0.2
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of HCL SX before version 12.0.2 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could perform administrative actions like creating new users, changing configurations, or deleting data by tricking an administrator into clicking a malicious link.

🟠 Likely Case

Attackers could modify user settings, change permissions, or perform other actions within the authenticated user's privilege level.

🟢 If Mitigated

With proper CSRF protections and user awareness, the risk is significantly reduced as legitimate requests would be validated.

🌐 Internet-Facing: HIGH - Web applications accessible from the internet are prime targets for CSRF attacks via malicious websites or emails.
🏢 Internal Only: MEDIUM - Internal users could still be targeted through phishing emails or compromised internal websites.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks typically require minimal technical skill but need the victim to be authenticated and tricked into interacting with malicious content.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 12.0.2

Vendor Advisory: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119437

Restart Required: Yes

Instructions:

1. Download HCL SX version 12.0.2 from the HCL support portal.
2. Back up the current installation and data.
3. Apply the update following HCL's upgrade documentation.
4. Restart the application services.

🔧 Temporary Workarounds

Implement CSRF Tokens (scope: all)

Add anti-CSRF tokens to all state-changing requests, and have the server reject any such request whose token is missing or does not match the one bound to the user's session.

SameSite Cookie Attribute (scope: all)

Set SameSite=Strict or Lax on session cookies. Lax still sends the cookie on top-level GET navigations, so state-changing actions must not be reachable via GET for Lax to help.

Set-Cookie: sessionid=xxx; SameSite=Strict; Secure; HttpOnly

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block CSRF patterns
  • Enforce strict referrer policy headers and educate users about phishing risks

🔍 How to Verify

Check if Vulnerable:

Check the HCL SX version via the admin console or configuration files. If the version is below 12.0.2, the system is vulnerable.

Check Version:

Check the admin console or review installation logs for version information.

Verify Fix Applied:

Confirm version is 12.0.2 or higher and test that state-changing requests now require CSRF tokens.

📡 Detection & Monitoring

Log Indicators:

  • Multiple state-changing requests from same user without CSRF tokens
  • Requests with missing or invalid anti-CSRF headers

Network Indicators:

  • HTTP POST requests to HCL SX endpoints without Referer headers or CSRF tokens

SIEM Query:

source="hcl_sx_logs" AND (http_method="POST" OR http_method="PUT" OR http_method="DELETE") AND NOT csrf_token=*
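The query above as runnable detection logic over constructed log lines (an added example, not code from HCL or from the advisory; the JSON-per-line log shape, the origin/referer field names, the sample users and the hostnames are assumptions). Besides the missing-token clause of the query it also applies the page's network indicator, flagging state-changing requests with no Origin/Referer or one from another site:

```python
import json
from urllib.parse import urlsplit

# Methods the page's SIEM query treats as state-changing (PATCH added as the same class).
STATE_CHANGING = {"POST", "PUT", "DELETE", "PATCH"}

# Constructed sample events, one JSON object per line. The layout and hostnames are
# assumptions for this example, not HCL SX's real log format.
SAMPLE_LOGS = """
{"user":"admin","http_method":"POST","uri":"/sx/api/users","csrf_token":"tok-1","origin":"https://sx.example.com"}
{"user":"admin","http_method":"POST","uri":"/sx/api/users","origin":"https://attacker.example.net","referer":"https://attacker.example.net/page.html"}
{"user":"alice","http_method":"GET","uri":"/sx/api/profile"}
{"user":"alice","http_method":"PUT","uri":"/sx/api/profile","csrf_token":"tok-2"}
{"user":"bob","http_method":"DELETE","uri":"/sx/api/items/7","csrf_token":"tok-3","referer":"https://sx.example.com/items"}
""".strip()

def parse_logs(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def origin_of(url):
    """Reduce a URL to scheme://host[:port] so Origin and Referer values compare alike."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()

def classify(event, app_origin):
    """CSRF indicators an event matches; [] when clean or not state-changing."""
    if event.get("http_method", "").upper() not in STATE_CHANGING:
        return []
    reasons = []
    if not event.get("csrf_token"):  # the NOT csrf_token=* clause of the SIEM query
        reasons.append("missing_csrf_token")
    source = event.get("origin") or event.get("referer")
    if source is None:  # browsers normally send at least one of these on POST
        reasons.append("no_origin_or_referer")
    elif origin_of(source) != origin_of(app_origin):
        reasons.append("cross_site_source")  # initiated from another site
    return reasons

def find_suspicious(events, app_origin):
    """Events worth triage, each with user, URI and the reasons it matched."""
    return [{"user": ev.get("user"), "uri": ev.get("uri"), "reasons": r}
            for ev in events if (r := classify(ev, app_origin))]

def missing_token_counts(findings):
    """Per-user count of state-changing requests lacking a token (first log indicator)."""
    counts = {}
    for f in findings:
        if "missing_csrf_token" in f["reasons"]:
            counts[f["user"]] = counts.get(f["user"], 0) + 1
    return counts
```

A request that carries a token but arrives with no Origin or Referer is reported at lower confidence than one with no token at all; tune `STATE_CHANGING` and the field names to the real log schema before deploying.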
