CVE-2024-30124 - Vulnerability Details - OpenCVE

HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00076.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Hcltech	Sametime

Configuration 1 [-]

OR	cpe:2.3:a:hcltech:sametime::::::::
	cpe:2.3:a:hcltech:sametime:12.0.2:-::::::

No data.

No data.

References

Link	Providers
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627

History

Thu, 08 Jan 2026 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hcltech Hcltech sametime
CPEs		cpe:2.3:a:hcltech:sametime:::::::: cpe:2.3:a:hcltech:sametime:12.0.2:-::::::
Vendors & Products		Hcltech Hcltech sametime

Tue, 29 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-1188

Wed, 23 Oct 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 23 Oct 2024 15:30:00 +0000

Type	Values Removed	Values Added
Description		HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously.
Title		HCL Sametime is impacted by insecure services
References		https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627
Metrics		cvssV3_1 `{'score': 4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}`

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2024-10-23T15:17:24.303Z

Updated: 2024-10-29T14:36:33.446Z

Reserved: 2024-03-22T23:57:22.507Z

Link: CVE-2024-30124

Vulnrichment

Updated: 2024-10-23T18:34:34.118Z

NVD

Status : Analyzed

Published: 2024-10-23T16:15:05.667

Modified: 2026-01-08T19:46:12.250

Link: CVE-2024-30124

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-30124", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2024-03-22T23:57:22.507Z", "datePublished": "2024-10-23T15:17:24.303Z", "dateUpdated": "2024-10-29T14:36:33.446Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Sametime", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "<=12.0.2"}]}], "datePublic": "2024-10-22T19:48:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously. </span><br>"}], "value": "HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2024-10-23T15:17:24.303Z"}, "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627"}], "source": {"discovery": "UNKNOWN"}, "title": "HCL Sametime is impacted by insecure services", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-1188", "lang": "en", "description": "CWE-1188 Initialization of a Resource with an Insecure Default"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-23T18:34:29.313400Z", "id": "CVE-2024-30124", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-29T14:36:33.446Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-30124", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-23T18:34:29.313400Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1188", "description": "CWE-1188 Initialization of a Resource with an Insecure Default"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T18:34:34.118Z"}}], "cna": {"title": "HCL Sametime is impacted by insecure services", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HCL Software", "product": "Sametime", "versions": [{"status": "affected", "version": "<=12.0.2"}], "defaultStatus": "unaffected"}], "datePublic": "2024-10-22T19:48:00.000Z", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously. </span><br>", "base64": false}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2024-10-23T15:17:24.303Z"}}}, "cveMetadata": {"cveId": "CVE-2024-30124", "state": "PUBLISHED", "dateUpdated": "2024-10-29T14:36:33.446Z", "dateReserved": "2024-03-22T23:57:22.507Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2024-10-23T15:17:24.303Z", "assignerShortName": "HCL"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:sametime:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDA15EE5-1675-469C-BF7B-DB9FDE95F338", "versionEndExcluding": "12.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:sametime:12.0.2:-:*:*:*:*:*:*", "matchCriteriaId": "D6A54E0B-DB62-4674-B57D-827A55BBE2CA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously."}, {"lang": "es", "value": "HCL Sametime se ve afectado por servicios inseguros que se utilizan en el cliente UIM de forma predeterminada. Se habilit\u00f3 un servicio REST heredado sin usar de forma predeterminada mediante el protocolo HTTP. Un atacante podr\u00eda usar este endpoint de servicio de forma maliciosa."}], "id": "CVE-2024-30124", "lastModified": "2026-01-08T19:46:12.250", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "psirt@hcl.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-23T16:15:05.667", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1188"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}