cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-50355,https://securityvulnerability.io/vulnerability/CVE-2023-50355,"Error Messages Expose Sensitive Information, Leading to Potential Attacks","HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack.",Hcl Software,Sametime,5.3,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-10-23T23:15:00.000Z,0
CVE-2024-30122,https://securityvulnerability.io/vulnerability/CVE-2024-30122,,HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers.,HCL Software,Sametime,5.3,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-10-23T15:15:00.000Z,0
CVE-2023-37540,https://securityvulnerability.io/vulnerability/CVE-2023-37540,Sametime Connect Desktop Chat Client Vulnerability,"The HCL Sametime Connect desktop chat client has a vulnerability related to its implementation of the Eclipse framework. Although the Eclipse feature called Secure Storage is included, it is not utilized effectively. This oversight can result in the unintended exposure of sensitive data, posing significant risks to users who rely on the chat client for confidential communications. Proper measures should be taken to mitigate the risk associated with this issue.",Hcl Software,Hcl Sametime Chat,3.9,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-02-23T07:00:59.008Z,0
CVE-2023-45698,https://securityvulnerability.io/vulnerability/CVE-2023-45698,Clickjacking Protection Failure in Sametime Outlook Add-in,"Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks. ",Hcl Software,Hcl Sametime,6.1,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2024-02-10T03:24:40.127Z,0
CVE-2023-45696,https://securityvulnerability.io/vulnerability/CVE-2023-45696,Sametime Impacted by Autocomplete Feature in Legacy Web Chat Client,"The HCL Sametime Legacy Web Chat Client is vulnerable due to the inappropriate handling of sensitive fields with autocomplete enabled. This vulnerability permits the web browser to store user input data by default, potentially leading to unintended exposure of sensitive information. It is essential for users and administrators to be aware of this issue to implement necessary security measures, such as disabling autocomplete features and sanitizing any sensitive entries made through the client.",HCL Software,HCL Sametime,7.5,HIGH,0.0009399999980814755,false,false,false,false,,false,false,2024-02-10T03:10:30.423Z,0
CVE-2023-45718,https://securityvulnerability.io/vulnerability/CVE-2023-45718,Sametime Sessions Failure: Persistent Cookie Values Cause Security Risks,"In HCL Sametime Web clients, there exists a notable session management issue due to a lack of proper session invalidation. Specifically, sensitive cookie values are being set to persist even after the user terminates their session. This flaw can lead to potential security risks, allowing unauthorized users to potentially exploit valid cookies after a legitimate user's session has ended. Proper handling of session data is crucial to safeguarding user information and maintaining application integrity.",HCL Software,HCL Sametime,7.5,HIGH,0.0009399999980814755,false,false,false,false,,false,false,2024-02-09T21:22:09.163Z,0
CVE-2023-45716,https://securityvulnerability.io/vulnerability/CVE-2023-45716,HCL Sametime is impacted by a sensitive information disclosure,"Sametime is impacted by sensitive information passed in URL. ",Hcl Software,Hcl Sametime,1.7,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-02-09T21:17:50.900Z,0
CVE-2023-50349,https://securityvulnerability.io/vulnerability/CVE-2023-50349,Sametime Vulnerable to CSRF Attacks,"HCL Sametime Proxy is subject to a Cross Site Request Forgery (CSRF) vulnerability that affects certain REST APIs. This flaw allows attackers to perform unauthorized actions through the application, potentially compromising user data or application integrity. Implementing security measures to mitigate the risk associated with CSRF attacks is essential for safeguarding the interests of users and maintaining the stability of the application. Organizations using HCL Sametime Proxy should be proactive in applying patches and conducting security assessments to protect against this type of vulnerability.",HCL Software,HCL Sametime,8.8,HIGH,0.0005600000149570405,false,false,false,false,,false,false,2024-02-09T20:15:03.715Z,0
CVE-2022-42446,https://securityvulnerability.io/vulnerability/CVE-2022-42446,HCL Sametime 12.0 and 12.0FP1 anonymous users have directory lookup access,"Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users. ",Hcl Software,Hcl Sametime,6.5,MEDIUM,0.0007200000109151006,false,false,false,false,,false,false,2022-12-12T13:15:00.000Z,0
CVE-2021-27769,https://securityvulnerability.io/vulnerability/CVE-2021-27769,HCL Sametime is vulnerable to an information disclosure,"Information leakage occurs when a website reveals information that could aid an attacker to further exploit the system. This information may or may not be sensitive and does not automatically mean a breach is likely to occur. Overall, any information that could be used for an attack should be limited whenever possible.",Hcl Software,Sametime,5.3,MEDIUM,0.0007300000288523734,false,false,false,false,,false,false,2022-05-12T22:15:00.000Z,0
CVE-2021-27771,https://securityvulnerability.io/vulnerability/CVE-2021-27771,HCL Sametime is susceptible a file transfer service vulnerability,"User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. When interacting in a normal matter with the Sametime chat application, users hold a cookie containing their session ID (SID). This value is also used when sending chat messages, receiving notifications and/or transferring files.",Hcl Software,Sametime,8.2,HIGH,0.0007999999797903001,false,false,false,false,,false,false,2022-05-12T22:15:00.000Z,0
CVE-2021-27770,https://securityvulnerability.io/vulnerability/CVE-2021-27770,HCL Sametime is vulnerable to arbitrary HTTP requests,The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings”-function where users can specify an external URL where the online meeting will take place.,Hcl Software,Sametime,6.8,MEDIUM,0.0020099999383091927,false,false,false,false,,false,false,2022-05-12T22:15:00.000Z,0
CVE-2021-27773,https://securityvulnerability.io/vulnerability/CVE-2021-27773,HCL Sametime is vulnerable to clickjacking,This vulnerability allows users to execute a clickjacking attack in the meeting's chat.,Hcl Software,Sametime,4.2,MEDIUM,0.0007300000288523734,false,false,false,false,,false,false,2022-05-12T22:15:00.000Z,0
CVE-2021-27772,https://securityvulnerability.io/vulnerability/CVE-2021-27772,HCL Sametime is vulnerable to an information disclosure,"Users are able to read group conversations without actively taking part in them. Next to one to one conversations, users are able to start group conversations with multiple users. It was found possible to obtain the contents of these group conversations without being part of it. This could lead to information leakage where confidential information discussed in private groups is read by other users without the users knowledge.",Hcl Software,Sametime,7.1,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2022-05-12T22:15:00.000Z,0
CVE-2021-27753,https://securityvulnerability.io/vulnerability/CVE-2021-27753,,"""Sametime Android PathTraversal Vulnerability""",HCL Software,"""hcl Sametime""",5.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2022-02-21T17:49:28.000Z,0
CVE-2021-27755,https://securityvulnerability.io/vulnerability/CVE-2021-27755,,"""Sametime Android potential path traversal vulnerability when using File class""",HCL Software,"""hcl Sametime""",5.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2022-02-21T17:49:28.000Z,0