The vulnerability exists within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings”-function where users can specify an external URL where the online meeting will take place.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hcltech sametime 11.6 |