Описание
An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:hcltech:hcl_inotes:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:hcl_inotes:11.0.1:-:*:*:*:*:*:*
cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack1:*:*:*:*:*:*
cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack2:*:*:*:*:*:*
cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack3:*:*:*:*:*:*
cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack4:*:*:*:*:*:*
EPSS
Процентиль: 64%
0.00472
Низкий
4.6 Medium
CVSS3
5.5 Medium
CVSS3
6 Medium
CVSS2
Дефекты
CWE-20
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 5.5
github
почти 4 года назад
An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code.
EPSS
Процентиль: 64%
0.00472
Низкий
4.6 Medium
CVSS3
5.5 Medium
CVSS3
6 Medium
CVSS2
Дефекты
CWE-20
NVD-CWE-noinfo