CVE-2023-50355 - Vulnerability Details - OpenCVE

HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Hcltech	Sametime

Configuration 1 [-]

OR	cpe:2.3:a:hcltech:sametime::::::::
	cpe:2.3:a:hcltech:sametime:12.0.2:-::::::

No data.

References

Link	Providers
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627

History

Thu, 31 Oct 2024 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hcltech Hcltech sametime
CPEs		cpe:2.3:a:hcltech:sametime:::::::: cpe:2.3:a:hcltech:sametime:12.0.2:-::::::
Vendors & Products		Hcltech Hcltech sametime

Thu, 24 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 23 Oct 2024 22:30:00 +0000

Type	Values Removed	Values Added
Description		HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack.
Title		HCL Sametime is impacted by generation of error messages containing sensitive information
Weaknesses		CWE-209
References		https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627
Metrics		cvssV3_1 `{'score': 3.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2024-10-23T22:17:52.737Z

Updated: 2024-10-24T14:14:50.538Z

Reserved: 2023-12-07T03:59:48.772Z

Link: CVE-2023-50355

Vulnrichment

Updated: 2024-10-24T14:14:47.157Z

NVD

Status : Analyzed

Published: 2024-10-23T23:15:12.170

Modified: 2024-10-31T15:18:27.160

Link: CVE-2023-50355

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-50355", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2023-12-07T03:59:48.772Z", "datePublished": "2024-10-23T22:17:52.737Z", "dateUpdated": "2024-10-24T14:14:50.538Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Sametime", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "<=12.0.2"}]}], "datePublic": "2024-10-22T19:48:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack.</span> </span><br>"}], "value": "HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2024-10-23T22:17:52.737Z"}, "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627"}], "source": {"discovery": "UNKNOWN"}, "title": "HCL Sametime is impacted by generation of error messages containing sensitive information", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-24T14:14:42.657119Z", "id": "CVE-2023-50355", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-24T14:14:50.538Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-50355", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2023-12-07T03:59:48.772Z", "datePublished": "2024-10-23T22:17:52.737Z", "dateUpdated": "2024-10-24T14:14:50.538Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Sametime", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "<=12.0.2"}]}], "datePublic": "2024-10-22T19:48:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack.</span> </span><br>"}], "value": "HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2024-10-23T22:17:52.737Z"}, "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627"}], "source": {"discovery": "UNKNOWN"}, "title": "HCL Sametime is impacted by generation of error messages containing sensitive information", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-50355", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-24T14:14:42.657119Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-24T14:14:47.157Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:sametime:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDA15EE5-1675-469C-BF7B-DB9FDE95F338", "versionEndExcluding": "12.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:sametime:12.0.2:-:*:*:*:*:*:*", "matchCriteriaId": "D6A54E0B-DB62-4674-B57D-827A55BBE2CA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack."}, {"lang": "es", "value": "HCL Sametime se ve afectado por los mensajes de error que contienen informaci\u00f3n confidencial. Un atacante puede usar esta informaci\u00f3n para lanzar otro ataque m\u00e1s espec\u00edfico."}], "id": "CVE-2023-50355", "lastModified": "2024-10-31T15:18:27.160", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2024-10-23T23:15:12.170", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-209"}], "source": "psirt@hcl.com", "type": "Secondary"}]}