Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HCL Sametime is vulnerable to arbitrary HTTP requests
Vulnerability Description
The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings”-function where users can specify an external URL where the online meeting will take place.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
Vulnerability Type
对假设不可变Web参数的外部可控制
Vulnerability Title
HCL Technologies HCL Sametime 安全漏洞
Vulnerability Description
HCL Sametime是HCL Technologies的一个会议解决方案。 HCL Technologies HCL Sametime 11.6版本存在安全漏洞,该漏洞源于FaviconService中对于外部URL缺少吸纳之。攻击者可以利用该漏洞指定在线会议将发生的外部 URL。
CVSS Information
N/A
Vulnerability Type
N/A