CVE-2023-37540

LOW

HCL Sametime 11.5-12.0.1 - Insecure Storage of Sensitive Information via Eclipse Secure Storage

Title source: llm

Description

Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data.

References (1)

Core 1

Core References

Vendor Advisory

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082

Scores

CVSS v3 3.9

EPSS 0.0016

EPSS Percentile 5.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-922

Status published

Products (1)

hcltech/sametime 11.5 - 12.0.2

Published Feb 23, 2024

Tracked Since Feb 18, 2026