CVE-2022-42446: HCL Sametime 12.0 and 12.0FP1 anonymous users have directory lookup access
First published: Wed Nov 30 2022(Updated: )
Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users.
Credit: psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Sametime | =12.0 | |
| IBM Sametime | =12.0-fp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-42446?
CVE-2022-42446 has been classified as a high severity vulnerability due to the risks of unauthorized access and potential data exposure.
How do I fix CVE-2022-42446?
To fix CVE-2022-42446, you should disable anonymous access for users in HCL Sametime 12 by adjusting the relevant settings.
Which versions of HCL Sametime are affected by CVE-2022-42446?
CVE-2022-42446 affects HCL Sametime versions 12.0 and 12.0-fp1.
What are the risks associated with CVE-2022-42446?
The risks associated with CVE-2022-42446 include unauthorized browsing of the User Directory and creating chats with internal users.
Is there a patch available for CVE-2022-42446?
Yes, updates that address CVE-2022-42446 are available through HCL's support channels.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/hcltech
- canonical/ibm sametime
- version/ibm sametime/12.0
- version/ibm sametime/12.0-fp1