CVE-2023-37540

EPSS 0.08%
Veröffentlicht 23.02.2024 07:15:47
Zuletzt bearbeitet 09.01.2026 13:51:50
Quelle psirt@hcl.com
CVE-Watchlists
Login
Unerledigt
Login

HCL Sametime Chat is affected by an unimplemented feature in the UI

Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hcltech ≫ Sametime Version >= 11.5 < 12.0.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.238

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@hcl.com	3.9	1.3	2.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CWE-922 Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-37540

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-37540

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-37540

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-37540