VYPR
Unrated severityNVD Advisory· Published May 12, 2022· Updated Sep 17, 2024

HCL Sametime is susceptible a file transfer service vulnerability

CVE-2021-27771

Description

User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. When interacting in a normal matter with the Sametime chat application, users hold a cookie containing their session ID (SID). This value is also used when sending chat messages, receiving notifications and/or transferring files.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.