exploitDog

CVE-2022-42446

Опубликовано: 12 дек. 2022

Источник: nvd

CVSS3: 6.5

CVSS3: 6.5

EPSS Низкий

Описание

Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users.

Ссылки

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101768
Mitigation
Vendor Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101768
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:hcltech:sametime:12.0:-:*:*:*:*:*:*

cpe:2.3:a:hcltech:sametime:12.0:fp1:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00236

Низкий

6.5 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-276

CWE-276

Связанные уязвимости

GHSA-r6p7-5w57-87q9

CVSS3: 6.5

github

около 3 лет назад

Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users.

EPSS

Процентиль: 46%

0.00236

Низкий

6.5 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-276

CWE-276