Clickjacking Protection Failure in Sametime Outlook Add-in
CVE-2023-45698

6.1MEDIUM

Key Information:

Vendor: Hcl Software
Status: Hcl Sametime
Vendor: CVE Published:; 10 February 2024

Summary

Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks.

Affected Version(s)

HCL Sametime 11.5, 11.6, 11.6 IF1, 12.0, 12.0 FP1, 12.0.1, 12.0.1 FP1

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 10, 2024
Vulnerability Reserved
Oct 10, 2023