Vulnerability Details : CVE-2022-42446
Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users.
Products affected by CVE-2022-42446
- cpe:2.3:a:hcltech:sametime:12.0:fp1:*:*:*:*:*:*
- cpe:2.3:a:hcltech:sametime:12.0:-:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-42446
Probability of exploitation activity in the next 30 days: 0.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 31 %
CVSS scores for CVE-2022-42446
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 3.9 | 2.5 | NIST | |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L | 3.9 | 2.5 | HCL Software | |
CWE ids for CVE-2022-42446
- During installation, installed file permissions are set to allow anyone to modify those files. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-42446
- https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101768
  SECURITY BULLETIN: HCL Sametime 12.0 and 12.0FP1 anonymous users have directory lookup access (CVE-2022-42446)
  Mitigation; Vendor Advisory