cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-37540,https://securityvulnerability.io/vulnerability/CVE-2023-37540,Sametime Connect Desktop Chat Client Vulnerability,"The HCL Sametime Connect desktop chat client has a vulnerability related to its implementation of the Eclipse framework. Although the Eclipse feature called Secure Storage is included, it is not utilized effectively. This oversight can result in the unintended exposure of sensitive data, posing significant risks to users who rely on the chat client for confidential communications. Proper measures should be taken to mitigate the risk associated with this issue.",Hcl Software,Hcl Sametime Chat,3.9,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-02-23T07:00:59.008Z,0
CVE-2023-45698,https://securityvulnerability.io/vulnerability/CVE-2023-45698,Clickjacking Protection Failure in Sametime Outlook Add-in,"Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks. ",Hcl Software,Hcl Sametime,6.1,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2024-02-10T03:24:40.127Z,0
CVE-2023-45696,https://securityvulnerability.io/vulnerability/CVE-2023-45696,Sametime Impacted by Autocomplete Feature in Legacy Web Chat Client,"The HCL Sametime Legacy Web Chat Client is vulnerable due to the inappropriate handling of sensitive fields with autocomplete enabled. This vulnerability permits the web browser to store user input data by default, potentially leading to unintended exposure of sensitive information. It is essential for users and administrators to be aware of this issue to implement necessary security measures, such as disabling autocomplete features and sanitizing any sensitive entries made through the client.",HCL Software,HCL Sametime,7.5,HIGH,0.0009399999980814755,false,false,false,false,,false,false,2024-02-10T03:10:30.423Z,0
CVE-2023-45718,https://securityvulnerability.io/vulnerability/CVE-2023-45718,Sametime Sessions Failure: Persistent Cookie Values Cause Security Risks,"In HCL Sametime Web clients, there exists a notable session management issue due to a lack of proper session invalidation. Specifically, sensitive cookie values are being set to persist even after the user terminates their session. This flaw can lead to potential security risks, allowing unauthorized users to potentially exploit valid cookies after a legitimate user's session has ended. Proper handling of session data is crucial to safeguarding user information and maintaining application integrity.",HCL Software,HCL Sametime,7.5,HIGH,0.0009399999980814755,false,false,false,false,,false,false,2024-02-09T21:22:09.163Z,0
CVE-2023-45716,https://securityvulnerability.io/vulnerability/CVE-2023-45716,HCL Sametime is impacted by a sensitive information disclosure,"Sametime is impacted by sensitive information passed in URL. ",Hcl Software,Hcl Sametime,1.7,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-02-09T21:17:50.900Z,0
CVE-2023-50349,https://securityvulnerability.io/vulnerability/CVE-2023-50349,Sametime Vulnerable to CSRF Attacks,"HCL Sametime Proxy is subject to a Cross Site Request Forgery (CSRF) vulnerability that affects certain REST APIs. This flaw allows attackers to perform unauthorized actions through the application, potentially compromising user data or application integrity. Implementing security measures to mitigate the risk associated with CSRF attacks is essential for safeguarding the interests of users and maintaining the stability of the application. Organizations using HCL Sametime Proxy should be proactive in applying patches and conducting security assessments to protect against this type of vulnerability.",HCL Software,HCL Sametime,8.8,HIGH,0.0005600000149570405,false,false,false,false,,false,false,2024-02-09T20:15:03.715Z,0
CVE-2022-42446,https://securityvulnerability.io/vulnerability/CVE-2022-42446,HCL Sametime 12.0 and 12.0FP1 anonymous users have directory lookup access,"Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users. ",Hcl Software,Hcl Sametime,6.5,MEDIUM,0.0007200000109151006,false,false,false,false,,false,false,2022-12-12T13:15:00.000Z,0
CVE-2021-27753,https://securityvulnerability.io/vulnerability/CVE-2021-27753,,"""Sametime Android PathTraversal Vulnerability""",HCL Software,"""hcl Sametime""",5.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2022-02-21T17:49:28.000Z,0
CVE-2021-27755,https://securityvulnerability.io/vulnerability/CVE-2021-27755,,"""Sametime Android potential path traversal vulnerability when using File class""",HCL Software,"""hcl Sametime""",5.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2022-02-21T17:49:28.000Z,0