漏洞标题
HCL Sametime存在信息泄露漏洞
漏洞描述信息
HCL Sametime存在信息泄露漏洞
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
漏洞类别
N/A
漏洞标题
HCL Sametime is vulnerable to an information disclosure
漏洞描述信息
Users are able to read group conversations without actively taking part in them. Next to one to one conversations, users are able to start group conversations with multiple users. It was found possible to obtain the contents of these group conversations without being part of it. This could lead to information leakage where confidential information discussed in private groups is read by other users without the users knowledge.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
漏洞类别
授权机制不恰当
漏洞标题
HCL Technologies HCL Sametime 授权问题漏洞
漏洞描述信息
HCL Sametime是HCL Technologies的一个会议解决方案。 HCL Sametime 11.6 版本存在授权问题漏洞,该漏洞源于应用中用户无需主动参与即可阅读群组对话。攻击者可以利用该漏洞实现敏感信息读取。
CVSS信息
N/A
漏洞类别
授权问题