CVE-2024-30122: HCL Sametime is impacted by misconfigured security related HTTP headers
First published: Wed Oct 23 2024(Updated: )
HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers.
Credit: psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Sametime | <12.0.2 | |
| IBM Sametime | =12.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-30122?
The severity of CVE-2024-30122 is classified as medium due to the potential impact on security headers.
How do I fix CVE-2024-30122?
To fix CVE-2024-30122, configure the HTTP headers correctly in your HCL Sametime application settings.
What versions of HCL Sametime are affected by CVE-2024-30122?
CVE-2024-30122 affects HCL Sametime versions prior to 12.0.2 and version 12.0.2 itself.
What impact does CVE-2024-30122 have on web applications?
CVE-2024-30122 can lead to security vulnerabilities and less secure web application behavior due to missing HTTP security headers.
Is HCL Sametime 12.0.2 safe from CVE-2024-30122?
HCL Sametime version 12.0.2 is not safe from CVE-2024-30122 unless the security headers are properly configured.
- agent/title
- agent/references
- agent/first-publish-date
- agent/description
- agent/type
- agent/author
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/hcltech
- canonical/ibm sametime
- version/ibm sametime/12.0.2