Lucene search
K
HcltechSametime

17 matches found

CVE
CVE
added 2022/05/12 9:25 p.m.110 views

CVE-2021-27769

CVE-2021-27769 corresponds to an information-disclosure vulnerability in HCL Sametime. Connected CNVD entry CNVD-2022-71651 specifies that HCL Sametime version 11.6 suffers from a lack of effective restrictions on sensitive information displayed on websites, enabling information leakage. The CVE ...

5.3CVSS5.1AI score0.00717EPSS
CVE
CVE
added 2022/05/12 9:25 p.m.94 views

CVE-2021-27771

CVE-2021-27771 affects HCL Sametime (version 11.6 per CNVD) where an attacker can modify the user SID stored in cookies to trigger arbitrary file upload or deletion of directories, leading to a Denial of Service. The vulnerability arises from SID handling within the Sametime chat/file transfer fl...

8.2CVSS7.7AI score0.00683EPSS
CVE
CVE
added 2024/02/23 7:0 a.m.91 views

CVE-2023-37540

The CVE-2023-37540 entry concerns the Sametime Connect desktop chat client, which includes but does not use or require an Eclipse Secure Storage feature. The underlying issue is the use of an Eclipse feature to store sensitive data, which can lead to exposure of that data (information disclosure)...

3.9CVSS4.3AI score0.00175EPSS
CVE
CVE
added 2022/05/12 9:25 p.m.86 views

CVE-2021-27773

CVE-2021-27773 affects HCL Sametime, specifically version 11.6, where the issue enables clickjacking within the meeting chat. The vulnerability is documented with a CVSSv3.1 base score of 4.3 (Medium) and CVSSv2 base score 4.3, indicating network-based exposure with no privileges and user interac...

4.3CVSS4.6AI score0.00438EPSS
CVE
CVE
added 2024/02/09 8:15 p.m.73 views

CVE-2023-50349

CVE-2023-50349 affects HCL Sametime, specifically REST APIs in the Sametime Proxy, where a CSRF vulnerability can allow an attacker to perform malicious actions. The entry is supported by NVD data showing a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high impact ...

8.8CVSS8.7AI score0.00241EPSS
CVE
CVE
added 2022/11/30 10:54 p.m.71 views

CVE-2022-42446

Sametime 12 and later allows anonymous users by default, enabling after-login access to browse the User Directory and potentially initiate chats with internal users. Root cause involves anonymous access being active, which exposes directory lookup functionality. Remediation across sources include...

6.5CVSS6.4AI score0.0038EPSS
CVE
CVE
added 2022/05/12 9:25 p.m.70 views

CVE-2021-27772

CVE-2021-27772 concerns an authorization flaw in HCL Sametime (notably in versions around 11.6 per connected CNVD/CNNVD records) that allows users to read contents of group conversations without participating . The underlying issue enables leakage of confidential information discussed in private ...

7.1CVSS6.3AI score0.0063EPSS
CVE
CVE
added 2024/10/23 3:17 p.m.66 views

CVE-2024-30124

CVE-2024-30124 affects HCL Sametime; an unused legacy REST service was enabled by default over HTTP in the UIM client. The issue allows a local attacker to potentially abuse the service endpoint, with the CVSS indicating Local access, low attack complexity, no privileges, and a LOW availability i...

4CVSS4.3AI score0.00166EPSS
CVE
CVE
added 2022/05/12 9:25 p.m.60 views

CVE-2021-27770

CVE-2021-27770 affects HCL Sametime with the FaviconService, where a base64-encoded URL is requested by the webserver and can be used via the meetings function to direct the online meeting to an external URL. The root cause is described as lack of external URL absorption in FaviconService, enabli...

8.8CVSS7.6AI score0.00687EPSS
CVE
CVE
added 2024/02/09 9:17 p.m.57 views

CVE-2023-45716

The CVE-2023-45716 entry involves IBM/HCL Sametime where sensitive information is transmitted in URLs, causing a potential information disclosure. Affected software is Sametime (HCL IBM Sametime family), with the underlying issue described as sensitive data leakage via URL parameters. Documented ...

4.1CVSS4.4AI score0.00124EPSS
CVE
CVE
added 2024/10/23 10:17 p.m.57 views

CVE-2023-50355

CVE-2023-50355 affects HCL Sametime, where error messages disclose sensitive information. This leakage could enable targeted follow-up attacks. Reported CVSS from NVD indicates MEDIUM base risk (C/L, A/N), with local/remote nuances in other sources. The connected documents do not provide a confir...

5.3CVSS4AI score0.0023EPSS
CVE
CVE
added 2024/10/23 2:59 p.m.57 views

CVE-2024-30122

CVE-2024-30122 affects HCL Sametime due to misconfigured security-related HTTP headers; some headers are missing from web service responses, causing browser default policy handling to be less secure. Root cause: HTTP header omissions in Sametime web responses. Documents provide descriptions acros...

5.8CVSS5.5AI score0.00214EPSS
CVE
CVE
added 2024/02/09 9:22 p.m.56 views

CVE-2023-45718

CVE-2023-45718 affects HCL Sametime Web: a failure to invalidate sessions causes sensitive cookie values to persist after a user closes the session. The NVD entry notes a high overall impact (CVSS v3.1: 7.5, HIGH) with network attack vector and no user interaction. The description specifies cooki...

7.5CVSS4.3AI score0.00354EPSS
CVE
CVE
added 2024/02/10 3:10 a.m.42 views

CVE-2023-45696

CVE-2023-45696 affects HCL Sametime, specifically issues in the Legacy web chat client where autocomplete is enabled for sensitive input fields. The underlying consequence is that user-entered data can be stored by the browser by default. Current documents provide the vulnerability description an...

7.5CVSS4.3AI score0.00443EPSS
CVE
CVE
added 2026/03/05 7:15 a.m.22 views

CVE-2026-21786

Technical details about CVE-2026-21786 are not publicly available in the provided documents. Monitor for updates.

3.3CVSS5.9AI score0.001EPSS
CVE
CVE
added 2026/03/17 11:29 a.m.16 views

CVE-2025-31966

CVE-2025-31966 : HCL Sametime is vulnerable due to broken server-side validation that fails to enforce client-side input checks. An attacker can bypass restrictions by sending manipulated HTTP requests directly to the server. The documented CVSS 3.1 metrics indicate a LOW base score (2.7), with n...

2.7CVSS5.9AI score0.00194EPSS
CVE
CVE
added 2026/03/10 10:10 a.m.14 views

CVE-2026-21791

CVE-2026-21791 affects HCL Sametime for Android. The vulnerability involves sensitive information disclosure where hostnames are written to application logs and certain URLs may be exposed. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) yields a LOW base score of 3.3, with local attack...

3.3CVSS5.8AI score0.00131EPSS