8 matches found
CVE-2023-50349
CVE-2023-50349 affects HCL Sametime, specifically REST APIs in the Sametime Proxy, where a CSRF vulnerability can allow an attacker to perform malicious actions. The entry is supported by NVD data showing a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high impact ...
CVE-2024-30124
CVE-2024-30124 affects HCL Sametime; an unused legacy REST service was enabled by default over HTTP in the UIM client. The issue allows a local attacker to potentially abuse the service endpoint, with the CVSS indicating Local access, low attack complexity, no privileges, and a LOW availability i...
CVE-2023-45716
The CVE-2023-45716 entry involves IBM/HCL Sametime where sensitive information is transmitted in URLs, causing a potential information disclosure. Affected software is Sametime (HCL IBM Sametime family), with the underlying issue described as sensitive data leakage via URL parameters. Documented ...
CVE-2023-50355
CVE-2023-50355 affects HCL Sametime, where error messages disclose sensitive information. This leakage could enable targeted follow-up attacks. Reported CVSS from NVD indicates MEDIUM base risk (C/L, A/N), with local/remote nuances in other sources. The connected documents do not provide a confir...
CVE-2024-30122
CVE-2024-30122 affects HCL Sametime due to misconfigured security-related HTTP headers; some headers are missing from web service responses, causing browser default policy handling to be less secure. Root cause: HTTP header omissions in Sametime web responses. Documents provide descriptions acros...
CVE-2026-21786
Technical details about CVE-2026-21786 are not publicly available in the provided documents. Monitor for updates.
CVE-2025-31966
CVE-2025-31966 : HCL Sametime is vulnerable due to broken server-side validation that fails to enforce client-side input checks. An attacker can bypass restrictions by sending manipulated HTTP requests directly to the server. The documented CVSS 3.1 metrics indicate a LOW base score (2.7), with n...
CVE-2026-21791
CVE-2026-21791 affects HCL Sametime for Android. The vulnerability involves sensitive information disclosure where hostnames are written to application logs and certain URLs may be exposed. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) yields a LOW base score of 3.3, with local attack...