{"containers": {"cna": {"affected": [{"product": "Sametime", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "11.6"}]}], "datePublic": "2022-04-15T00:00:00", "descriptions": [{"lang": "en", "value": "The vulnerability was discovered within the \u201cFaviconService\u201d. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the \u201cmeetings\u201d-function where users can specify an external URL where the online meeting will take place."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-472", "description": "CWE-472 External Control of Assumed-Immutable Web Parameter", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-12T21:25:25", "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097430"}], "source": {"discovery": "UNKNOWN"}, "title": "HCL Sametime is vulnerable to arbitrary HTTP requests", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@hcl.com", "DATE_PUBLIC": "2022-04-15T00:00:00.000Z", "ID": "CVE-2021-27770", "STATE": "PUBLIC", "TITLE": "HCL Sametime is vulnerable to arbitrary HTTP requests"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Sametime", "version": {"version_data": [{"version_value": "11.6"}]}}]}, "vendor_name": "HCL Software"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The vulnerability was discovered within the \u201cFaviconService\u201d. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the \u201cmeetings\u201d-function where users can specify an external URL where the online meeting will take place."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-472 External Control of Assumed-Immutable Web Parameter"}]}]}, "references": {"reference_data": [{"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097430", "refsource": "MISC", "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097430"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:26:10.750Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097430"}]}]}, "cveMetadata": {"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "assignerShortName": "HCL", "cveId": "CVE-2021-27770", "datePublished": "2022-05-12T21:25:25.427594Z", "dateReserved": "2021-02-26T00:00:00", "dateUpdated": "2024-09-16T20:02:52.780Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:sametime:11.6:*:*:*:*:*:*:*", "matchCriteriaId": "0B6E07B1-4DD8-4D9C-8DC1-063FEAD8BA52", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The vulnerability was discovered within the \u201cFaviconService\u201d. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the \u201cmeetings\u201d-function where users can specify an external URL where the online meeting will take place."}, {"lang": "es", "value": "Una vulnerabilidad fue detectada dentro de \"FaviconService\". El servicio toma una URL codificada en base64 que luego es solicitada por el servidor web. Suponemos que este servicio es usado por la funci\u00f3n \"meetings\", en la que usuarios pueden especificar una URL externa en la que tendr\u00e1 lugar la reuni\u00f3n en l\u00ednea"}], "id": "CVE-2021-27770", "lastModified": "2024-11-21T05:58:32.120", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 4.7, "source": "psirt@hcl.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-12T22:15:11.823", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097430"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097430"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-472"}], "source": "psirt@hcl.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}