CVE-2021-27772: HCL Sametime is vulnerable to an information disclosure
First published: Thu May 12 2022(Updated: )
Users are able to read group conversations without actively taking part in them. Next to one to one conversations, users are able to start group conversations with multiple users. It was found possible to obtain the contents of these group conversations without being part of it. This could lead to information leakage where confidential information discussed in private groups is read by other users without the users knowledge.
Credit: psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Sametime | =11.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-27772?
CVE-2021-27772 is considered a medium severity vulnerability as it allows unauthorized access to group conversation contents.
How do I fix CVE-2021-27772?
To fix CVE-2021-27772, update HCL Sametime to version 11.6 or a later secure version.
What type of vulnerability is CVE-2021-27772?
CVE-2021-27772 is a privacy vulnerability that allows users to read group conversations without being a participant.
Which versions of HCL Sametime are affected by CVE-2021-27772?
HCL Sametime version 11.6 is specifically affected by CVE-2021-27772.
What are the implications of CVE-2021-27772 for users?
The implications of CVE-2021-27772 include the potential exposure of private group conversation content to unauthorized users.
- agent/type
- agent/weakness
- agent/title
- agent/author
- agent/references
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/hcltech
- canonical/ibm sametime
- version/ibm sametime/11.6