CVE-2021-27770: HCL Sametime is vulnerable to arbitrary HTTP requests
First published: Thu May 12 2022(Updated: )
The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings”-function where users can specify an external URL where the online meeting will take place.
Credit: psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Sametime | =11.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-27770?
CVE-2021-27770 has been rated as a high severity vulnerability due to its potential impact on the web server's security.
How do I fix CVE-2021-27770?
To mitigate CVE-2021-27770, update HCL Sametime to version 11.6 or later where the vulnerability has been addressed.
What does CVE-2021-27770 affect?
CVE-2021-27770 affects the FaviconService component of HCL Sametime version 11.6.
What is the nature of the vulnerability in CVE-2021-27770?
CVE-2021-27770 is a vulnerability where a base64-encoded URL can be manipulated, allowing potential unauthorized actions on the web server.
Is CVE-2021-27770 being actively exploited?
There have been indications that CVE-2021-27770 could be exploited if left unpatched, making it crucial to address the vulnerability promptly.
- agent/type
- agent/weakness
- agent/title
- agent/author
- agent/references
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/hcltech
- canonical/ibm sametime
- version/ibm sametime/11.6