CVE-2023-45696

Description

Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser.

CVSS breakdown

CVSS 3.1

Attack Vector

Physical

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

HCL Software / HCL Sametime11.5, 11.6, 11.6 IF1, 12.0, 12.0 FP1, 12.0.1, 12.0.1 FP1 – 11.5, 11.6, 11.6 IF1, 12.0, 12.0 FP1, 12.0.1, 12.0.1 FP1

References

MISChttps://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082