CVE-2024-30122 (GCVE-0-2024-30122)

Vulnerability from cvelistv5 – Published: 2024-10-23 14:59 – Updated: 2024-11-25 17:29
VLAI?
Title
HCL Sametime is impacted by misconfigured security related HTTP headers
Summary
HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers.
Severity ?
5.8 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
CWE
  • CWE-922 - Insecure Storage of Sensitive Information
Assigner
HCL
References
Impacted products
Vendor Product Version
HCL Software Sametime Affected: <=12.0.2
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-30122",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T15:54:08.455552Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-922",
                "description": "CWE-922 Insecure Storage of Sensitive Information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-25T17:29:41.465Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Sametime",
          "vendor": "HCL Software",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=12.0.2"
            }
          ]
        }
      ],
      "datePublic": "2024-10-22T19:48:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-23T14:59:04.223Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0115627"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "HCL Sametime is impacted by misconfigured security related HTTP headers",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2024-30122",
    "datePublished": "2024-10-23T14:59:04.223Z",
    "dateReserved": "2024-03-22T23:57:22.507Z",
    "dateUpdated": "2024-11-25T17:29:41.465Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:sametime:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.0.2\", \"matchCriteriaId\": \"FDA15EE5-1675-469C-BF7B-DB9FDE95F338\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hcltech:sametime:12.0.2:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6A54E0B-DB62-4674-B57D-827A55BBE2CA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers.\"}, {\"lang\": \"es\", \"value\": \"HCL Sametime se ve afectado por encabezados HTTP relacionados con la seguridad mal configurados. Se identific\\u00f3 que faltaban algunos encabezados HTTP en las respuestas del servicio web. Esto provocar\\u00e1 un tratamiento predeterminado menos seguro del navegador para las pol\\u00edticas controladas por estos encabezados.\"}]",
      "id": "CVE-2024-30122",
      "lastModified": "2024-11-25T18:15:11.213",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@hcl.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L\", \"baseScore\": 5.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 3.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
      "published": "2024-10-23T15:15:30.390",
      "references": "[{\"url\": \"https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0115627\", \"source\": \"psirt@hcl.com\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@hcl.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-922\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-30122\",\"sourceIdentifier\":\"psirt@hcl.com\",\"published\":\"2024-10-23T15:15:30.390\",\"lastModified\":\"2024-11-25T18:15:11.213\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers.\"},{\"lang\":\"es\",\"value\":\"HCL Sametime se ve afectado por encabezados HTTP relacionados con la seguridad mal configurados. Se identific\u00f3 que faltaban algunos encabezados HTTP en las respuestas del servicio web. Esto provocar\u00e1 un tratamiento predeterminado menos seguro del navegador para las pol\u00edticas controladas por estos encabezados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@hcl.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L\",\"baseScore\":5.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.6,\"impactScore\":3.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-922\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:sametime:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.0.2\",\"matchCriteriaId\":\"FDA15EE5-1675-469C-BF7B-DB9FDE95F338\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:sametime:12.0.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6A54E0B-DB62-4674-B57D-827A55BBE2CA\"}]}]}],\"references\":[{\"url\":\"https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0115627\",\"source\":\"psirt@hcl.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-30122\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-23T15:54:08.455552Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-922\", \"description\": \"CWE-922 Insecure Storage of Sensitive Information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-23T15:54:13.869Z\"}}], \"cna\": {\"title\": \"HCL Sametime is impacted by misconfigured security related HTTP headers\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"HCL Software\", \"product\": \"Sametime\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c=12.0.2\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2024-10-22T19:48:00.000Z\", \"references\": [{\"url\": \"https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0115627\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eHCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"1e47fe04-f25f-42fa-b674-36de2c5e3cfc\", \"shortName\": \"HCL\", \"dateUpdated\": \"2024-10-23T14:59:04.223Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-30122\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-25T17:29:41.465Z\", \"dateReserved\": \"2024-03-22T23:57:22.507Z\", \"assignerOrgId\": \"1e47fe04-f25f-42fa-b674-36de2c5e3cfc\", \"datePublished\": \"2024-10-23T14:59:04.223Z\", \"assignerShortName\": \"HCL\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.