HCL Sametime 12.0 and 12.0FP1 anonymous users have directory lookup access
CVE-2022-42446

6.5MEDIUM

Key Information:

Vendor: HCL Software Software
Status: HCL Software Sametime
Vendor: CVE Published:; 12 December 2022

🔔 Create HCL Software Software Vulnerability Alert

What is CVE-2022-42446?

Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users.

Affected Version(s)

HCL Sametime 12.0, 12.0FP1

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2022
Vulnerability Reserved
Oct 6, 2022