Cam Lischke

**Name of the Vulnerable Software and Affected Versions** Quest Coexistence Manager for Notes version 3.8.2045 **Description** An inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') exists in Quest Coexistence Manager for Notes (Free/Busy Connector modules). This allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding (CL.TE) attack vector. Successful exploitation could allow an attacker to bypass access controls, poison web caches, hijack sessions, or trigger unintended internal requests. **Recommendations** Update Quest Coexistence Manager for Notes to a version that addresses this issue. As a temporary workaround, consider restricting or disabling the Free/Busy Connector modules until a patch is available.