VYPR
Unrated severityNVD Advisory· Published May 12, 2022· Updated Sep 16, 2024

HCL Sametime is vulnerable to arbitrary HTTP requests

CVE-2021-27770

Description

The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings”-function where users can specify an external URL where the online meeting will take place.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.