CVE-2024-30122

low-risk
Published 2024-10-23

HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers.

Do I need to act?

-
0.16% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.8/10 Medium
NETWORK / HIGH complexity

Affected Products (2)

Sametime
Sametime

Affected Vendors

Hcltech

References (1)

Vendor Advisory https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627
26
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 7/34 · Low