CVE-2024-30122

Published Oct 23, 2024

Last updated 3 months ago

CVSS medium 5.8

Overview

Description: HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers.
Source: psirt@hcl.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-922

Hype score: Not currently trending

CVE-2024-30122 HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lea… https://t.co/miQ6SV9Slv
@CVEnew
23 Oct 2024
275 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:hcltech:sametime:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDA15EE5-1675-469C-BF7B-DB9FDE95F338",
            "versionEndExcluding": "12.0.2"
          },
          {
            "criteria": "cpe:2.3:a:hcltech:sametime:12.0.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6A54E0B-DB62-4674-B57D-827A55BBE2CA"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References