{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-30122","assignerOrgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","state":"PUBLISHED","assignerShortName":"HCL","dateReserved":"2024-03-22T23:57:22.507Z","datePublished":"2024-10-23T14:59:04.223Z","dateUpdated":"2024-11-25T17:29:41.465Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Sametime","vendor":"HCL Software","versions":[{"status":"affected","version":"<=12.0.2"}]}],"datePublic":"2024-10-22T19:48:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers.</span><br>"}],"value":"HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":5.8,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"providerMetadata":{"orgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","shortName":"HCL","dateUpdated":"2024-10-23T14:59:04.223Z"},"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627"}],"source":{"discovery":"UNKNOWN"},"title":"HCL Sametime is impacted by misconfigured security related HTTP headers","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-922","lang":"en","description":"CWE-922 Insecure Storage of Sensitive Information"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-23T15:54:08.455552Z","id":"CVE-2024-30122","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-25T17:29:41.465Z"}}]}}