CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50355 – HCL Sametime is impacted by generation of error messages containing sensitive information
https://notcve.org/view.php?id=CVE-2023-50355
23 Oct 2024 — HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30124 – HCL Sametime is impacted by insecure services
https://notcve.org/view.php?id=CVE-2024-30124
23 Oct 2024 — HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30122 – HCL Sametime is impacted by misconfigured security related HTTP headers
https://notcve.org/view.php?id=CVE-2024-30122
23 Oct 2024 — HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45716 – HCL Sametime is impacted by a sensitive information disclosure
https://notcve.org/view.php?id=CVE-2023-45716
09 Feb 2024 — Sametime is impacted by sensitive information passed in URL. Sametime se ve afectado por la información confidencial transmitida en la URL. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082 • CWE-319: Cleartext Transmission of Sensitive Information CWE-598: Use of GET Request Method With Sensitive Query Strings •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50349 – HCL Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2023-50349
09 Feb 2024 — Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application. Sametime se ve afectado por una vulnerabilidad de Cross Site Request Forgery (CSRF). Algunas API REST de la aplicación Sametime Proxy pueden permitir que un atacante realice acciones maliciosas en la aplicación. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42446 – HCL Sametime 12.0 and 12.0FP1 anonymous users have directory lookup access
https://notcve.org/view.php?id=CVE-2022-42446
30 Nov 2022 — Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users. A partir de Sametime 12, los usuarios anónimos están habilitados de forma predeterminada. Después de iniciar sesión como usuario anónimo, uno tiene la posibilidad de explorar el directorio de usuarios y potencialmente crear chats con usuarios internos. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101768 • CWE-276: Incorrect Default Permissions •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27773 – HCL Sametime is vulnerable to clickjacking
https://notcve.org/view.php?id=CVE-2021-27773
12 May 2022 — This vulnerability allows users to execute a clickjacking attack in the meeting's chat. Esta vulnerabilidad permite a usuarios ejecutar un ataque de clickjacking en el chat de la reunión • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097430 • CWE-451: User Interface (UI) Misrepresentation of Critical Information CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27772 – HCL Sametime is vulnerable to an information disclosure
https://notcve.org/view.php?id=CVE-2021-27772
12 May 2022 — Users are able to read group conversations without actively taking part in them. Next to one to one conversations, users are able to start group conversations with multiple users. It was found possible to obtain the contents of these group conversations without being part of it. This could lead to information leakage where confidential information discussed in private groups is read by other users without the users knowledge. Los usuarios pueden leer las conversaciones de grupo sin participar activamente en... • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097430 • CWE-285: Improper Authorization •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27771 – HCL Sametime is susceptible a file transfer service vulnerability
https://notcve.org/view.php?id=CVE-2021-27771
12 May 2022 — User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. When interacting in a normal matter with the Sametime chat application, users hold a cookie containing their session ID (SID). This value is also used when sending chat messages, receiving notifications and/or transferring files. El SID del usuario puede ser modificado resultando en una Carga Arbitraria de Archivos o borrado de directorios causando una Denegación de Servicio. Cuando interac... • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097430 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27770 – HCL Sametime is vulnerable to arbitrary HTTP requests
https://notcve.org/view.php?id=CVE-2021-27770
12 May 2022 — The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings”-function where users can specify an external URL where the online meeting will take place. Una vulnerabilidad fue detectada dentro de "FaviconService". El servicio toma una URL codificada en base64 que luego es solicitada por el servidor web. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097430 • CWE-472: External Control of Assumed-Immutable Web Parameter •