Unrated severityNVD Advisory· Published May 12, 2022· Updated Sep 17, 2024
HCL Sametime is susceptible a file transfer service vulnerability
CVE-2021-27771
Description
User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. When interacting in a normal matter with the Sametime chat application, users hold a cookie containing their session ID (SID). This value is also used when sending chat messages, receiving notifications and/or transferring files.
Affected products
2- HCL Software/Sametimev5Range: 11.6
Patches
Vulnerability mechanics
References
1- support.hcltechsw.com/csmmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.