CVE-2021-27760

An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code.

CVSS v3 4.6 MEDIUM
CVSS v2.0 6.0 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

6.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 6.8 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097670	Third Party Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097670	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hcltech:hcl_inotes:11.0.0:::::::*
	cpe:2.3:a:hcltech:hcl_inotes:11.0.1:-::::::
	cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack1::::::
	cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack2::::::
	cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack3::::::
	cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack4::::::

History

21 Nov 2024, 05:58

Type	Values Removed	Values Added
References	~~() https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097670 - Third Party Advisory~~	() https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097670 - Third Party Advisory
CVSS	v2 : ~~6.0~~ v3 : ~~5.5~~	v2 : 6.0 v3 : 4.6

Information

Published : 2022-05-06 18:15

Updated : 2024-11-21 05:58

NVD link : CVE-2021-27760

Mitre link : CVE-2021-27760

CVE.ORG link : CVE-2021-27760

JSON object : View

Products Affected

hcltech

hcl_inotes

CWE

CWE-20

Improper Input Validation

NVD-CWE-noinfo

{"id": "CVE-2021-27760", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.1}]}, "published": "2022-05-06T18:15:08.713", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097670", "tags": ["Third Party Advisory"], "source": "psirt@hcl.com"}, {"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097670", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@hcl.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code."}, {"lang": "es", "value": "Se ha detectado un problema en la funcionalidad de chat de Sametime en los clientes Notes 11.0 - 11.0.1 FP4. Un usuario autenticado del chat de Sametime podr\u00eda causar una Ejecuci\u00f3n de C\u00f3digo Remota en otro cliente de chat mediante el env\u00edo de un mensaje con formato especial mediante el chat que contenga c\u00f3digo Javascript"}], "lastModified": "2024-11-21T05:58:31.123", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63B76DD1-79D7-4320-A1E8-7B5BF5345B3E"}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2433DEDD-8650-4B01-85B9-92F5D1446030"}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "582BCD88-43F2-4E10-B638-4C1D54ED71F8"}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF9D5E06-963D-46D1-B780-5FA7F3B29A94"}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35AECE5B-35F0-4DF4-A7E8-BE66A0D1E271"}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2845122-0A3C-4BDD-95A3-341A18E33040"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}