First published: Fri Apr 15 2022(Updated: )
The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings”-function where users can specify an external URL where the online meeting will take place.
Credit: psirt@hcl.com
Affected Software | Affected Version | How to fix |
---|---|---|
Hcltech Sametime | =11.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.