CVE-2021-27770
MEDIUMHCL Sametime - Server-Side Request Forgery via FaviconService Base64-Encoded URL
Title source: llmDescription
The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings”-function where users can specify an external URL where the online meeting will take place.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097430
Scores
CVSS v3
6.8
EPSS
0.0067
EPSS Percentile
47.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
Details
CWE
CWE-472
Status
published
Products (1)
hcltech/sametime
11.6
Published
May 12, 2022
Tracked Since
Feb 18, 2026