cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-37540,https://securityvulnerability.io/vulnerability/CVE-2023-37540,Sametime Connect Desktop Chat Client Vulnerability,"The HCL Sametime Connect desktop chat client has a vulnerability related to its implementation of the Eclipse framework. Although the Eclipse feature called Secure Storage is included, it is not utilized effectively. This oversight can result in the unintended exposure of sensitive data, posing significant risks to users who rely on the chat client for confidential communications. Proper measures should be taken to mitigate the risk associated with this issue.",Hcl Software,Hcl Sametime Chat,3.9,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-23T07:00:59.008Z,0
CVE-2023-45698,https://securityvulnerability.io/vulnerability/CVE-2023-45698,Clickjacking Protection Failure in Sametime Outlook Add-in,"Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks. ",Hcl Software,Hcl Sametime,6.1,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2024-02-10T03:24:40.127Z,0
CVE-2023-45696,https://securityvulnerability.io/vulnerability/CVE-2023-45696,Sametime Impacted by Autocomplete Feature in Legacy Web Chat Client,"The HCL Sametime Legacy Web Chat Client is vulnerable due to the inappropriate handling of sensitive fields with autocomplete enabled. This vulnerability permits the web browser to store user input data by default, potentially leading to unintended exposure of sensitive information. It is essential for users and administrators to be aware of this issue to implement necessary security measures, such as disabling autocomplete features and sanitizing any sensitive entries made through the client.",HCL Software,HCL Sametime,7.5,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2024-02-10T03:10:30.423Z,0
CVE-2023-45718,https://securityvulnerability.io/vulnerability/CVE-2023-45718,Sametime Sessions Failure: Persistent Cookie Values Cause Security Risks,"In HCL Sametime Web clients, there exists a notable session management issue due to a lack of proper session invalidation. Specifically, sensitive cookie values are being set to persist even after the user terminates their session. This flaw can lead to potential security risks, allowing unauthorized users to potentially exploit valid cookies after a legitimate user's session has ended. Proper handling of session data is crucial to safeguarding user information and maintaining application integrity.",HCL Software,HCL Sametime,7.5,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2024-02-09T21:22:09.163Z,0
CVE-2023-45716,https://securityvulnerability.io/vulnerability/CVE-2023-45716,HCL Sametime is impacted by a sensitive information disclosure,"Sametime is impacted by sensitive information passed in URL. ",Hcl Software,Hcl Sametime,1.7,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-09T21:17:50.900Z,0
CVE-2023-50349,https://securityvulnerability.io/vulnerability/CVE-2023-50349,Sametime Vulnerable to CSRF Attacks,"HCL Sametime Proxy is subject to a Cross Site Request Forgery (CSRF) vulnerability that affects certain REST APIs. This flaw allows attackers to perform unauthorized actions through the application, potentially compromising user data or application integrity. Implementing security measures to mitigate the risk associated with CSRF attacks is essential for safeguarding the interests of users and maintaining the stability of the application. Organizations using HCL Sametime Proxy should be proactive in applying patches and conducting security assessments to protect against this type of vulnerability.",HCL Software,HCL Sametime,8.8,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2024-02-09T20:15:03.715Z,0
CVE-2022-42446,https://securityvulnerability.io/vulnerability/CVE-2022-42446,HCL Sametime 12.0 and 12.0FP1 anonymous users have directory lookup access,"Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users. ",Hcl Software,Hcl Sametime,6.5,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2022-12-12T13:15:00.000Z,0
CVE-2021-27753,https://securityvulnerability.io/vulnerability/CVE-2021-27753,Path Traversal Vulnerability in Sametime Mobile App by HCL Tech,"The vulnerability in the HCL Sametime Android application allows attackers to exploit path traversal issues, potentially leading to unauthorized access to sensitive files stored on the device. This flaw can be used to manipulate file paths and access directories that should be restricted, raising significant security concerns for users of the mobile application.",HCL Software,"""hcl Sametime""",5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-02-21T17:49:28.000Z,0
CVE-2021-27755,https://securityvulnerability.io/vulnerability/CVE-2021-27755,Path Traversal Vulnerability in Sametime Android by HCL Technologies,"A path traversal vulnerability exists in the HCL Sametime Android application due to improper validation of file paths when using the File class. This flaw could allow a malicious actor to access restricted files or directories on the host system, potentially leading to unauthorized exposure of data. Users are advised to review the impacted versions and apply the necessary updates to mitigate risks associated with this vulnerability.",HCL Software,"""hcl Sametime""",5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-02-21T17:49:28.000Z,0