5 matches found
HCL Technologies HCL Sametime Information Disclosure Vulnerability
HCL Sametime, a conferencing solution from HCL Technologies, has a security vulnerability in version 11.6 that stems from a lack of external URL absorption in FaviconService, which could be exploited by an attacker to specify the external URL where the online meeting...
CVE-2021-27770
The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings” function where users can specify an external URL where the online meeting will take place...
Design/Logic Flaw
The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings” function where users can specify an external URL where the online meeting will take place...
CVE-2021-27770 HCL Sametime is vulnerable to arbitrary HTTP requests
The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings” function where users can specify an external URL where the online meeting will take place...
CVE-2021-27770
CVE-2021-27770 affects HCL Sametime with the FaviconService, where a base64-encoded URL is requested by the webserver and can be used via the meetings function to direct the online meeting to an external URL. The root cause is described as lack of external URL absorption in FaviconService, enabli...