17 matches found
CVE-2021-27769
CVE-2021-27769 corresponds to an information-disclosure vulnerability in HCL Sametime. Connected CNVD entry CNVD-2022-71651 specifies that HCL Sametime version 11.6 suffers from a lack of effective restrictions on sensitive information displayed on websites, enabling information leakage. The CVE ...
CVE-2021-27771
CVE-2021-27771 affects HCL Sametime (version 11.6 per CNVD) where an attacker can modify the user SID stored in cookies to trigger arbitrary file upload or deletion of directories, leading to a Denial of Service. The vulnerability arises from SID handling within the Sametime chat/file transfer fl...
CVE-2023-37540
The CVE-2023-37540 entry concerns the Sametime Connect desktop chat client, which includes but does not use or require an Eclipse Secure Storage feature. The underlying issue is the use of an Eclipse feature to store sensitive data, which can lead to exposure of that data (information disclosure)...
CVE-2021-27773
CVE-2021-27773 affects HCL Sametime, specifically version 11.6, where the issue enables clickjacking within the meeting chat. The vulnerability is documented with a CVSSv3.1 base score of 4.3 (Medium) and CVSSv2 base score 4.3, indicating network-based exposure with no privileges and user interac...
CVE-2023-50349
CVE-2023-50349 affects HCL Sametime, specifically REST APIs in the Sametime Proxy, where a CSRF vulnerability can allow an attacker to perform malicious actions. The entry is supported by NVD data showing a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high impact ...
CVE-2022-42446
Sametime 12 and later allows anonymous users by default, enabling after-login access to browse the User Directory and potentially initiate chats with internal users. Root cause involves anonymous access being active, which exposes directory lookup functionality. Remediation across sources include...
CVE-2021-27772
CVE-2021-27772 concerns an authorization flaw in HCL Sametime (notably in versions around 11.6 per connected CNVD/CNNVD records) that allows users to read contents of group conversations without participating . The underlying issue enables leakage of confidential information discussed in private ...
CVE-2024-30124
CVE-2024-30124 affects HCL Sametime; an unused legacy REST service was enabled by default over HTTP in the UIM client. The issue allows a local attacker to potentially abuse the service endpoint, with the CVSS indicating Local access, low attack complexity, no privileges, and a LOW availability i...
CVE-2021-27770
CVE-2021-27770 affects HCL Sametime with the FaviconService, where a base64-encoded URL is requested by the webserver and can be used via the meetings function to direct the online meeting to an external URL. The root cause is described as lack of external URL absorption in FaviconService, enabli...
CVE-2023-45716
The CVE-2023-45716 entry involves IBM/HCL Sametime where sensitive information is transmitted in URLs, causing a potential information disclosure. Affected software is Sametime (HCL IBM Sametime family), with the underlying issue described as sensitive data leakage via URL parameters. Documented ...
CVE-2023-50355
CVE-2023-50355 affects HCL Sametime, where error messages disclose sensitive information. This leakage could enable targeted follow-up attacks. Reported CVSS from NVD indicates MEDIUM base risk (C/L, A/N), with local/remote nuances in other sources. The connected documents do not provide a confir...
CVE-2024-30122
CVE-2024-30122 affects HCL Sametime due to misconfigured security-related HTTP headers; some headers are missing from web service responses, causing browser default policy handling to be less secure. Root cause: HTTP header omissions in Sametime web responses. Documents provide descriptions acros...
CVE-2023-45718
CVE-2023-45718 affects HCL Sametime Web: a failure to invalidate sessions causes sensitive cookie values to persist after a user closes the session. The NVD entry notes a high overall impact (CVSS v3.1: 7.5, HIGH) with network attack vector and no user interaction. The description specifies cooki...
CVE-2023-45696
CVE-2023-45696 affects HCL Sametime, specifically issues in the Legacy web chat client where autocomplete is enabled for sensitive input fields. The underlying consequence is that user-entered data can be stored by the browser by default. Current documents provide the vulnerability description an...
CVE-2026-21786
Technical details about CVE-2026-21786 are not publicly available in the provided documents. Monitor for updates.
CVE-2025-31966
CVE-2025-31966 : HCL Sametime is vulnerable due to broken server-side validation that fails to enforce client-side input checks. An attacker can bypass restrictions by sending manipulated HTTP requests directly to the server. The documented CVSS 3.1 metrics indicate a LOW base score (2.7), with n...
CVE-2026-21791
CVE-2026-21791 affects HCL Sametime for Android. The vulnerability involves sensitive information disclosure where hostnames are written to application logs and certain URLs may be exposed. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) yields a LOW base score of 3.3, with local attack...