CVE-2021-27770

{"id": "CVE-2021-27770", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 2.1}]}, "published": "2022-05-12T22:15:11.823", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097430", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "psirt@hcl.com", "description": [{"lang": "en", "value": "CWE-472"}]}], "descriptions": [{"lang": "en", "value": "The vulnerability was discovered within the \u201cFaviconService\u201d. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the \u201cmeetings\u201d-function where users can specify an external URL where the online meeting will take place."}, {"lang": "es", "value": "Una vulnerabilidad fue detectada dentro de \"FaviconService\". El servicio toma una URL codificada en base64 que luego es solicitada por el servidor web. Suponemos que este servicio es usado por la funci\u00f3n \"meetings\", en la que usuarios pueden especificar una URL externa en la que tendr\u00e1 lugar la reuni\u00f3n en l\u00ednea"}], "lastModified": "2023-06-30T21:26:36.650", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:sametime:11.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B6E07B1-4DD8-4D9C-8DC1-063FEAD8BA52"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}