Sametime Connect Desktop Chat Client Vulnerability
CVE-2023-37540

3.9LOW

Key Information:

Vendor: Hcl Software
Status: Hcl Sametime Chat
Vendor: CVE Published:; 23 February 2024

Summary

The HCL Sametime Connect desktop chat client has a vulnerability related to its implementation of the Eclipse framework. Although the Eclipse feature called Secure Storage is included, it is not utilized effectively. This oversight can result in the unintended exposure of sensitive data, posing significant risks to users who rely on the chat client for confidential communications. Proper measures should be taken to mitigate the risk associated with this issue.

Affected Version(s)

HCL Sametime Chat 11.5, 11.6, 11.6 IF1, 12.0, 12.0 FP1, 12.0.1, 12.0.1 FP1

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 23, 2024
Vulnerability Reserved
Jul 6, 2023