CVE-2023-45696

MEDIUM

HCL Sametime 11.5-12.0.1 - Sensitive Information Exposure via Legacy Web Chat Autocomplete

Title source: llm

Description

Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser.

References (1)

Core 1

Core References

Vendor Advisory

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082

Scores

CVSS v3 4.0

EPSS 0.0021

EPSS Percentile 43.0%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-524

Status published

Products (1)

hcltech/sametime 11.5 - 12.0.2

Published Feb 10, 2024

Tracked Since Feb 18, 2026