Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-30122

Summary
Assigner-HCL
Assigner Org ID-1e47fe04-f25f-42fa-b674-36de2c5e3cfc
Published At-23 Oct, 2024 | 14:59
Updated At-25 Nov, 2024 | 17:29
Rejected At-
Credits

HCL Sametime is impacted by misconfigured security related HTTP headers

HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:HCL
Assigner Org ID:1e47fe04-f25f-42fa-b674-36de2c5e3cfc
Published At:23 Oct, 2024 | 14:59
Updated At:25 Nov, 2024 | 17:29
Rejected At:
▼CVE Numbering Authority (CNA)
HCL Sametime is impacted by misconfigured security related HTTP headers

HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers.

Affected Products
Vendor
HCL Technologies Ltd.HCL Software
Product
Sametime
Default Status
unaffected
Versions
Affected
  • <=12.0.2
Metrics
VersionBase scoreBase severityVector
3.15.8MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 5.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627
N/A
Hyperlink: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-922CWE-922 Insecure Storage of Sensitive Information
Type: CWE
CWE ID: CWE-922
Description: CWE-922 Insecure Storage of Sensitive Information
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@hcl.com
Published At:23 Oct, 2024 | 15:15
Updated At:25 Nov, 2024 | 18:15

HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.8MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 5.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CPE Matches
HCL Technologies Ltd.
hcltech
>>sametime>>Versions before 12.0.2(exclusive)
cpe:2.3:a:hcltech:sametime:*:*:*:*:*:*:*:*
HCL Technologies Ltd.
hcltech
>>sametime>>12.0.2
cpe:2.3:a:hcltech:sametime:12.0.2:-:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-922Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-922
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627psirt@hcl.com
Vendor Advisory
Hyperlink: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627
Source: psirt@hcl.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2024-30117
Matching Score-8
Assigner-HCL Software
ShareView Details
Matching Score-8
Assigner-HCL Software
CVSS Score-2.5||LOW
EPSS-0.08% / 23.65%
||
7 Day CHG~0.00%
Published-14 Oct, 2024 | 22:55
Updated-17 Oct, 2024 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL BigFix Platform is affected by a DLL Hijack vulnerability

A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-bigfix_platformBigFix Platform
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-23348
Matching Score-6
Assigner-HCL Software
ShareView Details
Matching Score-6
Assigner-HCL Software
CVSS Score-5.1||MEDIUM
EPSS-0.08% / 23.28%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 17:06
Updated-29 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL Launch is vulnerable to sensitive information disclosure

HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-hcl_launchHCL Launch
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-23561
Matching Score-6
Assigner-HCL Software
ShareView Details
Matching Score-6
Assigner-HCL Software
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 51.09%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 20:20
Updated-11 Apr, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability

HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-hcl_devops_deployhcl_launchDevOps Deploy / Launch
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2023-37521
Matching Score-6
Assigner-HCL Software
ShareView Details
Matching Score-6
Assigner-HCL Software
CVSS Score-2.3||LOW
EPSS-0.22% / 44.52%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 15:55
Updated-29 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL BigFix OSD Bare Metal Server WebUI is affected by sensitive information disclosure

HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-bigfix_bare_osd_metal_server_webuiHCL BigFix OSD Bare Metal Server WebUI
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2023-37540
Matching Score-6
Assigner-HCL Software
ShareView Details
Matching Score-6
Assigner-HCL Software
CVSS Score-3.9||LOW
EPSS-0.03% / 6.79%
||
7 Day CHG~0.00%
Published-23 Feb, 2024 | 07:00
Updated-29 Nov, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL Sametime Chat is affected by an unimplemented feature in the UI

Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-HCL Sametime Chat
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-30132
Matching Score-6
Assigner-HCL Software
ShareView Details
Matching Score-6
Assigner-HCL Software
CVSS Score-3.7||LOW
EPSS-0.10% / 28.06%
||
7 Day CHG~0.00%
Published-01 Oct, 2024 | 12:10
Updated-29 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing default HTTP security headers affect HCL Nomad server on Domino

HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-Nomad server on Domino
CWE ID-CWE-922
Insecure Storage of Sensitive Information
Details not found