Unrated severity · NVD Advisory · Published May 12, 2022 · Updated Sep 16, 2024
HCL Sametime is vulnerable to arbitrary HTTP requests
CVE-2021-27770
Description
The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings”-function where users can specify an external URL where the online meeting will take place.
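One way a service of the kind described above could vet the decoded URL before the server requests it, shown as an added example (not HCL's code or fix). The function names, the allowed schemes and ports, and the injectable resolver are assumptions made for illustration.

```python
import base64
import binascii
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed policy for this example: plain web fetches on default ports only.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def resolve_host(host):
    """Default resolver: every address the name maps to (uses system DNS)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def check_favicon_target(b64_url, resolver=resolve_host):
    """Decode the base64 URL parameter and return (url, addresses) if the
    server may fetch it; raise ValueError otherwise."""
    try:
        url = base64.b64decode(b64_url, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("parameter is not base64-encoded ASCII") from exc
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme {parts.scheme!r} not allowed")
    if parts.username or parts.password or not parts.hostname:
        raise ValueError("URL needs a host and must not carry credentials")
    port = parts.port
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    if port not in ALLOWED_PORTS:
        raise ValueError(f"port {port} not allowed")
    addresses = set(resolver(parts.hostname))
    if not addresses:
        raise ValueError("host does not resolve")
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        mapped = getattr(ip, "ipv4_mapped", None)  # unwrap ::ffff:a.b.c.d
        if mapped is not None:
            ip = mapped
        # Reject loopback, private, link-local and other non-public ranges.
        if not ip.is_global:
            raise ValueError(f"{parts.hostname} resolves to non-public {ip}")
    return url, sorted(addresses)
```

The fetch itself has to connect to the returned addresses and refuse redirects; otherwise a second DNS lookup or a redirect can lead the server to an address this check rejected.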
Affected products
2 · HCL Software/Sametime · v5 · Range: 11.6
References
1 · support.hcltechsw.com/csm (mitre, x_refsource_MISC)