{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-37540","assignerOrgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","state":"PUBLISHED","assignerShortName":"HCL","dateReserved":"2023-07-06T16:29:45.713Z","datePublished":"2024-02-23T07:00:59.008Z","dateUpdated":"2024-11-29T15:21:39.809Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"HCL Sametime Chat","vendor":"HCL Software","versions":[{"status":"affected","version":"11.5, 11.6, 11.6 IF1, 12.0, 12.0 FP1, 12.0.1, 12.0.1 FP1"}]}],"datePublic":"2024-02-23T06:06:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data.</span><br>"}],"value":"Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data.\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":3.9,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"providerMetadata":{"orgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","shortName":"HCL","dateUpdated":"2024-02-23T07:00:59.008Z"},"references":[{"url":"https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082"}],"source":{"discovery":"UNKNOWN"},"title":"HCL Sametime Chat is affected by an unimplemented feature in the UI ","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-922","lang":"en","description":"CWE-922 Insecure Storage of Sensitive Information"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-02-23T14:33:43.818856Z","id":"CVE-2023-37540","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-29T15:21:39.809Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T17:16:30.483Z"},"title":"CVE Program Container","references":[{"url":"https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082","tags":["x_transferred"]}]}]}}