Search
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27771 | 1 Hcltech | 1 Sametime | 2022-05-24 | 6.5 MEDIUM | 7.6 HIGH |
| User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. When interacting in a normal matter with the Sametime chat application, users hold a cookie containing their session ID (SID). This value is also used when sending chat messages, receiving notifications and/or transferring files. | |||||
| CVE-2021-27770 | 1 Hcltech | 1 Sametime | 2022-05-24 | 6.8 MEDIUM | 8.8 HIGH |
| The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings”-function where users can specify an external URL where the online meeting will take place. | |||||