CVE-2024-30128

HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0115504	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hcltech:nomad_server_on_domino:*:*:*:*:*:*:*:*

History

30 Oct 2025, 18:30

Type	Values Removed	Values Added
References	~~() https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0115504 -~~	() https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0115504 - Vendor Advisory
CPE		cpe:2.3:a:hcltech:nomad_server_on_domino::::::::
First Time		Hcltech Hcltech nomad Server On Domino

26 Sep 2024, 13:32

Type	Values Removed	Values Added
Summary		(es) El servidor HCL Nomad en Domino se ve afectado por una vulnerabilidad de proxy abierto en la que un atacante no autenticado puede ocultar su dirección IP de origen original. Esto puede permitirle a un atacante engañar al usuario para que exponga información confidencial.

25 Sep 2024, 16:35

Type	Values Removed	Values Added
CWE		CWE-441

25 Sep 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-25 15:15

Updated : 2025-10-30 18:30

NVD link : CVE-2024-30128

Mitre link : CVE-2024-30128

CVE.ORG link : CVE-2024-30128

JSON object : View

Products Affected

hcltech

nomad_server_on_domino

CWE

CWE-441

Unintended Proxy or Intermediary ('Confused Deputy')

{"id": "CVE-2024-30128", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-09-25T15:15:13.717", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0115504", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-441"}]}], "descriptions": [{"lang": "en", "value": "HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information."}, {"lang": "es", "value": "El servidor HCL Nomad en Domino se ve afectado por una vulnerabilidad de proxy abierto en la que un atacante no autenticado puede ocultar su direcci\u00f3n IP de origen original. Esto puede permitirle a un atacante enga\u00f1ar al usuario para que exponga informaci\u00f3n confidencial."}], "lastModified": "2025-10-30T18:30:18.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:nomad_server_on_domino:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85907C16-BA53-4E89-8232-E449B7847D3F", "versionEndExcluding": "1.0.13"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}