CVE-2024-30124

EPSS 0.08%
Veröffentlicht 23.10.2024 16:15:05
Zuletzt bearbeitet 08.01.2026 19:46:12
Quelle psirt@hcl.com
CVE-Watchlists
Login
Unerledigt
Login

HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hcltech ≫ Sametime Version < 12.0.2

Hcltech ≫ Sametime Version12.0.2 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.23

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4	2.5	1.4	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
psirt@hcl.com	4	2.5	1.4	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-1188 Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-30124

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-30124

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-30124

EUVD