19 results (0.007 seconds)

CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0

HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627 • CWE-1188: Initialization of a Resource with an Insecure Default •

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0

HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115627 • CWE-922: Insecure Storage of Sensitive Information •

CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0

Sametime is impacted by sensitive information passed in URL. Sametime se ve afectado por la información confidencial transmitida en la URL. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application. Sametime se ve afectado por una vulnerabilidad de Cross Site Request Forgery (CSRF). Algunas API REST de la aplicación Sametime Proxy pueden permitir que un atacante realice acciones maliciosas en la aplicación. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082 • CWE-352: Cross-Site Request Forgery (CSRF) •