CVE-2023-50355

HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hcltech:sametime::::::::
	cpe:2.3:a:hcltech:sametime:12.0.2:-::::::

History

31 Oct 2024, 15:18

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~3.6~~	v2 : unknown v3 : 5.3
First Time		Hcltech sametime Hcltech
References	~~() https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627 -~~	() https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627 - Vendor Advisory
CPE		cpe:2.3:a:hcltech:sametime:::::::: cpe:2.3:a:hcltech:sametime:12.0.2:-::::::

25 Oct 2024, 12:56

Type	Values Removed	Values Added
Summary		(es) HCL Sametime se ve afectado por los mensajes de error que contienen información confidencial. Un atacante puede usar esta información para lanzar otro ataque más específico.

23 Oct 2024, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-23 23:15

Updated : 2024-10-31 15:18

NVD link : CVE-2023-50355

Mitre link : CVE-2023-50355

CVE.ORG link : CVE-2023-50355

JSON object : View

Products Affected

hcltech

sametime

CWE

CWE-209

Generation of Error Message Containing Sensitive Information

{"id": "CVE-2023-50355", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.6, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2024-10-23T23:15:12.170", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-209"}]}, {"type": "Secondary", "source": "psirt@hcl.com", "description": [{"lang": "en", "value": "CWE-209"}]}], "descriptions": [{"lang": "en", "value": "HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack."}, {"lang": "es", "value": "HCL Sametime se ve afectado por los mensajes de error que contienen informaci\u00f3n confidencial. Un atacante puede usar esta informaci\u00f3n para lanzar otro ataque m\u00e1s espec\u00edfico."}], "lastModified": "2024-10-31T15:18:27.160", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:sametime:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDA15EE5-1675-469C-BF7B-DB9FDE95F338", "versionEndExcluding": "12.0.2"}, {"criteria": "cpe:2.3:a:hcltech:sametime:12.0.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6A54E0B-DB62-4674-B57D-827A55BBE2CA"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}