CVE-2023-37540

LOW

Sametime Connect - Info Disclosure

Title source: llm

Description

Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data.

References (1)

[Vendor Advisory] https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082

Scores

CVSS v3 3.9

EPSS 0.0008

EPSS Percentile 23.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-922

Status published

Products (1)

hcltech/sametime 11.5 - 12.0.2

Published Feb 23, 2024

Tracked Since Feb 18, 2026