Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-27772

Users are able to read group conversations without actively taking part in them. Next to one to one conversations, users are able to start group conversations with multiple users. It was found possible to obtain the contents of these group conversations without being part of it. This could lead to information leakage where confidential information discussed in private groups is read by other users without the users knowledge.

Published

2022-05-12T22:15:11.943

Last Modified

2024-11-21T05:58:32.350

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.1 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-285
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hcltech	sametime	11.6	Yes

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097430 Vendor Advisory ([email protected])
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097430 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)