CVE-2023-37540

{"id": "CVE-2023-37540", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.9, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.3}]}, "published": "2024-02-23T07:15:47.700", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}, {"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-922"}]}], "descriptions": [{"lang": "en", "value": "Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data.\n"}, {"lang": "es", "value": "El cliente de chat de escritorio de Sametime Connect incluye, pero no utiliza ni requiere, el uso de una caracter\u00edstica de Eclipse llamada Almacenamiento seguro. El uso de esta funci\u00f3n de Eclipse para almacenar datos confidenciales puede provocar la exposici\u00f3n de esos datos."}], "lastModified": "2026-01-09T13:51:50.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:sametime:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFB79405-6D48-490D-BBF5-FFC42551C721", "versionEndExcluding": "12.0.2", "versionStartIncluding": "11.5"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}