Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-30122

Summary
Assigner-HCL
Assigner Org ID-1e47fe04-f25f-42fa-b674-36de2c5e3cfc
Published At-23 Oct, 2024 | 14:59
Updated At-25 Nov, 2024 | 17:29
Rejected At-
Credits

HCL Sametime is impacted by misconfigured security related HTTP headers

HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:HCL
Assigner Org ID:1e47fe04-f25f-42fa-b674-36de2c5e3cfc
Published At:23 Oct, 2024 | 14:59
Updated At:25 Nov, 2024 | 17:29
Rejected At:
▼CVE Numbering Authority (CNA)
HCL Sametime is impacted by misconfigured security related HTTP headers

HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers.

Affected Products
Vendor
HCL Technologies Ltd.HCL Software
Product
Sametime
Default Status
unaffected
Versions
Affected
  • <=12.0.2
Metrics
VersionBase scoreBase severityVector
3.15.8MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 5.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627
N/A
Hyperlink: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-922CWE-922 Insecure Storage of Sensitive Information
Type: CWE
CWE ID: CWE-922
Description: CWE-922 Insecure Storage of Sensitive Information
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@hcl.com
Published At:23 Oct, 2024 | 15:15
Updated At:25 Nov, 2024 | 18:15

HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.8MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 5.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CPE Matches
HCL Technologies Ltd.
hcltech
>>sametime>>Versions before 12.0.2(exclusive)
cpe:2.3:a:hcltech:sametime:*:*:*:*:*:*:*:*
HCL Technologies Ltd.
hcltech
>>sametime>>12.0.2
cpe:2.3:a:hcltech:sametime:12.0.2:-:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-922Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-922
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627psirt@hcl.com
Vendor Advisory
Hyperlink: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627
Source: psirt@hcl.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

11Records found
CVE-2025-52616
Matching Score-8
Assigner-HCL Software
ShareView Details
Matching Score-8
Assigner-HCL Software
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 14.63%
||
7 Day CHG~0.00%
Published-12 Oct, 2025 | 04:24
Updated-21 Oct, 2025 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL Unica 12.1.10 is affected by an exposure of sensitive information

HCL Unica 12.1.10 can expose sensitive system information. An attacker could use this information to form an attack plan by leveraging known vulnerabilities in the application.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-unicaUnica
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2025-52609
Matching Score-8
Assigner-HCL Software
ShareView Details
Matching Score-8
Assigner-HCL Software
CVSS Score-3.7||LOW
EPSS-0.16% / 5.59%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 11:42
Updated-04 Jun, 2026 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL iControl was affected by Missing Security Headers vulnerability.

HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting (XSS) attacks by enabling the built-in XSS filtering mechanisms of modern web browsers.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-icontroliControl
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-52645
Matching Score-8
Assigner-HCL Software
ShareView Details
Matching Score-8
Assigner-HCL Software
CVSS Score-1.9||LOW
EPSS-0.08% / 0.37%
||
7 Day CHG~0.00%
Published-16 Mar, 2026 | 14:39
Updated-25 Apr, 2026 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification.

HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-aionAION
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2025-52661
Matching Score-8
Assigner-HCL Software
ShareView Details
Matching Score-8
Assigner-HCL Software
CVSS Score-2.4||LOW
EPSS-0.15% / 4.59%
||
7 Day CHG~0.00%
Published-19 Jan, 2026 | 18:04
Updated-25 Apr, 2026 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-aionAION
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2024-30133
Matching Score-8
Assigner-HCL Software
ShareView Details
Matching Score-8
Assigner-HCL Software
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 16.58%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 16:23
Updated-30 Oct, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a control flow vulnerability

HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a control flow vulnerability. The application does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-traveler_for_microsoft_outlookHCL Traveler for Microsoft Outlook (HTMO)
CWE ID-CWE-670
Always-Incorrect Control Flow Implementation
CVE-2024-30117
Matching Score-8
Assigner-HCL Software
ShareView Details
Matching Score-8
Assigner-HCL Software
CVSS Score-2.5||LOW
EPSS-0.20% / 9.78%
||
7 Day CHG~0.00%
Published-14 Oct, 2024 | 22:55
Updated-17 Oct, 2024 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL BigFix Platform is affected by a DLL Hijack vulnerability

A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-bigfix_platformBigFix Platform
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-37521
Matching Score-6
Assigner-HCL Software
ShareView Details
Matching Score-6
Assigner-HCL Software
CVSS Score-2.3||LOW
EPSS-0.33% / 24.28%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 15:55
Updated-29 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL BigFix OSD Bare Metal Server WebUI is affected by sensitive information disclosure

HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-bigfix_bare_osd_metal_server_webuiHCL BigFix OSD Bare Metal Server WebUI
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2023-37540
Matching Score-6
Assigner-HCL Software
ShareView Details
Matching Score-6
Assigner-HCL Software
CVSS Score-3.9||LOW
EPSS-0.16% / 5.59%
||
7 Day CHG~0.00%
Published-23 Feb, 2024 | 07:00
Updated-09 Jan, 2026 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL Sametime Chat is affected by an unimplemented feature in the UI

Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-sametimeHCL Sametime Chat
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2023-23348
Matching Score-6
Assigner-HCL Software
ShareView Details
Matching Score-6
Assigner-HCL Software
CVSS Score-5.1||MEDIUM
EPSS-0.15% / 4.33%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 17:06
Updated-29 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL Launch is vulnerable to sensitive information disclosure

HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-hcl_launchHCL Launch
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-30132
Matching Score-6
Assigner-HCL Software
ShareView Details
Matching Score-6
Assigner-HCL Software
CVSS Score-3.7||LOW
EPSS-0.31% / 22.22%
||
7 Day CHG~0.00%
Published-01 Oct, 2024 | 12:10
Updated-30 Oct, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing default HTTP security headers affect HCL Nomad server on Domino

HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-nomad_server_on_dominoNomad server on Domino
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-23561
Matching Score-6
Assigner-HCL Software
ShareView Details
Matching Score-6
Assigner-HCL Software
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 27.85%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 20:20
Updated-11 Apr, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability

HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-hcl_devops_deployhcl_launchDevOps Deploy / Launch
CWE ID-CWE-922
Insecure Storage of Sensitive Information
Details not found