Vulnerability Details : CVE-2023-37540
Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data.
Products affected by CVE-2023-37540
Please log in to view affected product information.
Exploit prediction scoring system (EPSS) score for CVE-2023-37540
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 7 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-37540
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.9
|
LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |
1.3
|
2.5
|
HCL Software | 2024-02-23 |
CWE ids for CVE-2023-37540
-
The product stores sensitive information without properly limiting read or write access by unauthorized actors.Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2023-37540
-
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082
Security Bulletin: Multiple vulnerabilities affect HCL Sametime Chat and Meetings
Jump to