HCL Sametime is vulnerable to an information disclosure
CVE-2021-27772

7.1HIGH

Key Information:

Vendor: Hcl Software
Status: Sametime
Vendor: CVE Published:; 12 May 2022

Summary

Users are able to read group conversations without actively taking part in them. Next to one to one conversations, users are able to start group conversations with multiple users. It was found possible to obtain the contents of these group conversations without being part of it. This could lead to information leakage where confidential information discussed in private groups is read by other users without the users knowledge.

Affected Version(s)

Sametime 11.6

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 12, 2022
Vulnerability Reserved
Feb 26, 2021