CVE-2024-30124

HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously.

CVSS v3 4.0 MEDIUM

4.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hcltech:sametime::::::::
	cpe:2.3:a:hcltech:sametime:12.0.2:-::::::

History

No history.

Information

Published : 2024-10-23 16:15

Updated : 2026-01-08 19:46

NVD link : CVE-2024-30124

Mitre link : CVE-2024-30124

CVE.ORG link : CVE-2024-30124

JSON object : View

Products Affected

hcltech

sametime

CWE

CWE-1188

Initialization of a Resource with an Insecure Default

{"id": "CVE-2024-30124", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.5}]}, "published": "2024-10-23T16:15:05.667", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-1188"}]}], "descriptions": [{"lang": "en", "value": "HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously."}, {"lang": "es", "value": "HCL Sametime se ve afectado por servicios inseguros que se utilizan en el cliente UIM de forma predeterminada. Se habilit\u00f3 un servicio REST heredado sin usar de forma predeterminada mediante el protocolo HTTP. Un atacante podr\u00eda usar este endpoint de servicio de forma maliciosa."}], "lastModified": "2026-01-08T19:46:12.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:sametime:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDA15EE5-1675-469C-BF7B-DB9FDE95F338", "versionEndExcluding": "12.0.2"}, {"criteria": "cpe:2.3:a:hcltech:sametime:12.0.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6A54E0B-DB62-4674-B57D-827A55BBE2CA"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}