CVE-2022-42446
MEDIUM
HCL Sametime 12 - Unauthenticated User Directory Access and Chat Creation
Title source: llm
Description
Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users.
References (1)
Core References
Mitigation, Vendor Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101768
Scores
CVSS v3: 6.5
EPSS: 0.0024
EPSS Percentile: 46.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-276
Status: published
Products (1): hcltech/sametime 12.0 (2 CPE variants)
Published: Dec 12, 2022
Tracked Since: Feb 18, 2026