Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hcltech sametime vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-50349
Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an malicious user to perform malicious actions on the application.
Hcltech Sametime
4.1
CVSSv3
CVE-2023-45716
Sametime is impacted by sensitive information passed in URL.
Hcltech Sametime
5.5
CVSSv3
CVE-2021-27753
"Sametime Android PathTraversal Vulnerability"
Hcltech Hcl Sametime
5.5
CVSSv3
CVE-2021-27755
"Sametime Android potential path traversal vulnerability when using File class"
Hcltech Hcl Sametime
8.8
CVSSv3
CVE-2021-27770
The vulnerability exists within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings”-function where users can specify an external URL where the online meetin...
Hcltech Sametime 11.6
4.3
CVSSv3
CVE-2021-27773
This vulnerability allows users to execute a clickjacking attack in the meeting's chat.
Hcltech Sametime 11.6
5.3
CVSSv3
CVE-2021-27769
Information leakage occurs when a website reveals information that could aid an malicious user to further exploit the system. This information may or may not be sensitive and does not automatically mean a breach is likely to occur. Overall, any information that could be used for ...
Hcltech Sametime 11.6
6.5
CVSSv3
CVE-2021-27772
Users are able to read group conversations without actively taking part in them. Next to one to one conversations, users are able to start group conversations with multiple users. It was found possible to obtain the contents of these group conversations without being part of it. ...
Hcltech Sametime 11.6
6.5
CVSSv3
CVE-2022-42446
Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users.
Hcltech Sametime 12.0
7.6
CVSSv3
CVE-2021-27771
User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. When interacting in a normal matter with the Sametime chat application, users hold a cookie containing their session ID (SID). This value is also used when sendi...
Hcltech Sametime 11.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »