CVE-2023-37540 — LOW (3.9) — White Hats Nepal

Q: How severe is CVE-2023-37540?

CVE-2023-37540 has been rated LOW with a CVSS base score of 3.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-37540?

Check the references section above for vendor advisories and patch information. Affected products include: Hcltech Sametime.

Vulnerability Description

Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data.

CVSS Score

3.9

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Hcltech	Sametime	>= 11.5, < 12.0.2

Related Weaknesses (CWE)

CWE-922

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082Vendor Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082Vendor Advisory

FAQ

What is CVE-2023-37540?

CVE-2023-37540 is a vulnerability with a CVSS score of 3.9 (LOW). Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure...

How severe is CVE-2023-37540?

CVE-2023-37540 has been rated LOW with a CVSS base score of 3.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-37540?

Check the references section above for vendor advisories and patch information. Affected products include: Hcltech Sametime.