CVE-2021-27770

Summary

The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings”-function where users can specify an external URL where the online meeting will take place.

Affected Software

VendorProductVersion RangeStatus
HCL SoftwareSametime11.6affected

Weaknesses

  • CWE-472: CWE-472 External Control of Assumed-Immutable Web Parameter

ADP Enrichment

CVE Program Container

Additional References

References