Improper access control of endpoint in HCL Leap
allows certain admin users to import applications from the
server's filesystem.
CVE ID: CVE-2024-30148
CVSS Base Severity: MEDIUM
CVSS Base Score: 4.1
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
Vendor: HCL Software
Product: HCL Leap
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 12.07% (scored less or equal to compared to others)
EPSS Date: 2025-05-23 (when was this score calculated)