CVE-2023-37540

EPSS 0.08%
Veröffentlicht 23.02.2024 07:15:47
Zuletzt bearbeitet 09.01.2026 13:51:50
Quelle psirt@hcl.com
CVE-Watchlists
Login
Unerledigt
Login

Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hcltech ≫ Sametime Version >= 11.5 < 12.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.238

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@hcl.com	3.9	1.3	2.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CWE-922 Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-37540

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-37540

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-37540

EUVD