HCL Sametime is vulnerable to an information disclosure

Users are able to read group conversations without actively taking part in them. Next to one to one conversations, users are able to start group conversations with multiple users. It was found possible to obtain the contents of these group conversations without being part of it. This could lead to information leakage where confidential information discussed in private groups is read by other users without the users knowledge.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

授权机制不恰当

HCL Technologies HCL Sametime 授权问题漏洞

HCL Sametime是HCL Technologies的一个会议解决方案。 HCL Sametime 11.6 版本存在授权问题漏洞，该漏洞源于应用中用户无需主动参与即可阅读群组对话。攻击者可以利用该漏洞实现敏感信息读取。

N/A

N/A