Lucene search

[email protected]CVE-2023-37540

HistoryFeb 23, 2024 - 7:15 a.m.

CVE-2023-37540

2024-02-2307:15:47

[email protected]

web.nvd.nist.gov

cve-2023-37540

sametime connect

desktop chat client

vulnerability

eclipse

secure storage

3.9 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

4.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.9%

JSON

Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL Sametime Chat",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "11.5, 11.6, 11.6 IF1, 12.0, 12.0 FP1, 12.0.1, 12.0.1 FP1"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082