Vulnerabilities > CVE-2021-27770 - Unspecified vulnerability in Hcltech Sametime 11.6

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

hcltech

NVD

Published: 2022-05-12

Updated: 2023-06-30

Summary

The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings”-function where users can specify an external URL where the online meeting will take place.

Vulnerable Configurations

Part	Description	Count
Application	Hcltech Hcltech Sametime 11.6	1

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097430