Vulnerability Details : CVE-2021-27760
An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code.
Vulnerability category: Input validation, Execute code
Products affected by CVE-2021-27760
- cpe:2.3:a:hcltech:hcl_inotes:11.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:hcltech:hcl_inotes:11.0.1:-:*:*:*:*:*:*
- cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack1:*:*:*:*:*:*
- cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack3:*:*:*:*:*:*
- cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack4:*:*:*:*:*:*
- cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-27760
0.14% (probability of exploitation activity in the next 30 days)
EPSS Score History
~49% (percentile: the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-27760
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P | 6.8 | 6.4 | NIST | |
5.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L | 2.1 | 3.4 | NIST | |
4.6 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L | 2.1 | 2.5 | HCL Software | |
CWE ids for CVE-2021-27760
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: psirt@hcl.com (Secondary)
References for CVE-2021-27760
- https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097670
  Security Bulletin: HCL Notes 11.0 - 11.0.1 FP4 Sametime Embedded chat clients are vulnerable to group chats loading script on restart (CVE-2021-27760) - Customer Support (Third Party Advisory)