CVE-2023-50349 MEDIUM

CVE-2023-50349: HCL Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability

Vendor Hcl Software
Product HCL Sametime
Published February 9, 2024
Last update June 17, 2025

CVSS base score

5.9/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application.

Key dates

02Disclosure timeline

February 9, 2024 CVE published
June 17, 2025 Record updated