CVE-2023-45718 LOW

CVE-2023-45718: HCL Sametime is impacted by a failure to invalidate sessions

Vendor Hcl Software
Product HCL Sametime
Published February 9, 2024
Last update June 3, 2025

CVSS base score

3.9/10
Attack vector Physical
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session.  

Key dates

02Disclosure timeline

February 9, 2024 CVE published
June 3, 2025 Record updated