CVE-2021-27770
6.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
Summary
The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings”-function where users can specify an external URL where the online meeting will take place.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HCL Software | Sametime | 11.6 | affected |
Weaknesses
- CWE-472: CWE-472 External Control of Assumed-Immutable Web Parameter
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.