Clickjacking Protection Failure in Sametime Outlook Add-in
CVE-2023-45698

6.1MEDIUM

Key Information:

Vendor

Hcl Software
Status
Hcl Sametime
Vendor
CVE Published:
10 February 2024

What is CVE-2023-45698?

Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks.

Affected Version(s)

HCL Sametime 11.5, 11.6, 11.6 IF1, 12.0, 12.0 FP1, 12.0.1, 12.0.1 FP1

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.