HCL Sametime 12.0 and 12.0FP1 anonymous users have directory lookup access
CVE-2022-42446

6.5 MEDIUM

Key Information:

Vendor
CVE Published: 12 December 2022

Summary

Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users.

Affected Version(s)

HCL Sametime 12.0, 12.0FP1

References

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
