PT-2025-52508 · Quest · Quest Coexistence Manager For Notes
Cam Lischke
·
Published
2025-12-19
·
Updated
2025-12-20
·
CVE-2025-12874
CVSS v4.0
6.3
Medium
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/U:Clear |
Name of the Vulnerable Software and Affected Versions
Quest Coexistence Manager for Notes version 3.8.2045
Description
An inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') exists in Quest Coexistence Manager for Notes (Free/Busy Connector modules). This allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding (CL.TE) attack vector. Successful exploitation could allow an attacker to bypass access controls, poison web caches, hijack sessions, or trigger unintended internal requests.
Recommendations
Update Quest Coexistence Manager for Notes to a version that addresses this issue. As a temporary workaround, consider restricting or disabling the Free/Busy Connector modules until a patch is available.
Fix
HTTP Request/Response Smuggling
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Quest Coexistence Manager For Notes