662 matches found
CVE-2022-42446 HCL Sametime 12.0 and 12.0FP1 anonymous users have directory lookup access
Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users...
CVE-2022-42446
Sametime 12 and later allows anonymous users by default; after logging in, an anonymous user can browse the User Directory and potentially initiate chats with internal users. The root cause is that anonymous access is active, which exposes directory lookup functionality. Remediation across sources include...
PT-2022-26437 · IBM · Sametime
Name of the Vulnerable Software and Affected Versions: Sametime versions 12 and later
Description: The issue allows anonymous users to browse the User Directory and potentially create chats with internal users after logging in.
Recommendations: For Sametime version 12 and later, consider disablin...
Fedora: Security Advisory for pidgin (FEDORA-2022-4490dce823)
The remote host is missing an update for the...
[SECURITY] Fedora 35 Update: pidgin-2.14.6-3.fc35
Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an...
HCL Technologies HCL Sametime Licensing Issue Vulnerability
HCL Sametime, a conferencing solution from HCL Technologies, is vulnerable to an authorization issue in HCL Sametime version 11.6, which stems from an application where users can read group conversations without actively participating, which could be exploited to read sensitive information...
HCL Technologies HCL Sametime Information Disclosure Vulnerability
HCL Sametime, a conferencing solution from HCL Technologies, has a security vulnerability in HCL Technologies HCL Sametime version 11.6 that stems from a lack of external URL absorption in FaviconService, which could be exploited by an attacker to specify the external URL where the online meeting...
HCL Technologies HCL Sametime Clickjacking Vulnerability
HCL Sametime, a conferencing solution from HCL Technologies, has a security vulnerability in HCL Technologies HCL Sametime version 11.6 that could be exploited by attackers to conduct clickjacking attacks in conference chats...
HCL Technologies HCL Sametime Information Disclosure Vulnerability (CNVD-2022-71651)
HCL Sametime, a conferencing solution from HCL Technologies, has a security vulnerability in HCL Technologies HCL Sametime version 11.6, which stems from a lack of effective restrictions on sensitive information on websites, which could be exploited by attackers to gain access to sensitive...
HCL Technologies HCL Sametime File Upload Vulnerability
HCL Sametime, a conferencing solution from HCL Technologies, has a security vulnerability in HCL Technologies HCL Sametime version 11.6. The vulnerability stems from the fact that the user SID in the application can be modified, which can be exploited to modify the SID to enable arbitrary file...
GHSA-JVR5-R663-QXGW Jenkins Sametime Plugin stores credentials in plain text
Jenkins Sametime Plugin stores credentials unencrypted in its global configuration file hudson.plugins.sametime.im.transport.SametimePublisher.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
CVE-2021-27771
User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. When interacting in a normal manner with the Sametime chat application, users hold a cookie containing their session ID (SID). This value is also used when sending chat messages,...
CVE-2021-27773 HCL Sametime is vulnerable to clickjacking
This vulnerability allows users to execute a clickjacking attack in the meeting's chat...
CVE-2021-27772 HCL Sametime is vulnerable to an information disclosure
Users are able to read group conversations without actively taking part in them. Next to one-to-one conversations, users are able to start group conversations with multiple users. It was found possible to obtain the contents of these group conversations without being part of them. This could lead t...
CVE-2021-27771
CVE-2021-27771 affects HCL Sametime (version 11.6 per CNVD) where an attacker can modify the user SID stored in cookies to trigger arbitrary file upload or deletion of directories, leading to a Denial of Service. The vulnerability arises from SID handling within the Sametime chat/file transfer fl...
CVE-2021-27771 HCL Sametime is susceptible to a file transfer service vulnerability
User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. When interacting in a normal manner with the Sametime chat application, users hold a cookie containing their session ID (SID). This value is also used when sending chat messages,...
CVE-2021-27770 HCL Sametime is vulnerable to arbitrary HTTP requests
The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings”-function where users can specify an external URL where the online meeting will take place...