Every CVE whose affected-product data names Hcltech Sametime, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2021-27771 — CVSS 8.2 (high): User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. When interacting in…
CVE-2021-27772 — CVSS 7.1 (high): Users are able to read group conversations without actively taking part in them. Next to one to one conversations, users are able to start…
CVE-2021-27770 — CVSS 6.8 (medium): The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the…
CVE-2022-42446 — CVSS 6.5 (medium): Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the…
CVE-2023-50349 — CVSS 5.9 (medium): Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an…
CVE-2024-30122 — CVSS 5.8 (medium): HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web…
CVE-2021-27769 — CVSS 5.3 (medium): Information leakage occurs when a website reveals information that could aid an attacker to further exploit the system. This information…
CVE-2024-30124 — CVSS 4.0 (medium): HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default…
CVE-2023-45696 — CVSS 4.0 (medium): Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data…
CVE-2023-45718 — CVSS 3.9 (low): Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in…
CVE-2023-37540 — CVSS 3.9 (low): Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this…
CVE-2023-50355 — CVSS 3.6 (low): HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another…
CVE-2026-21791 — CVSS 3.3 (low): HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and…
CVE-2026-21786 — CVSS 3.3 (low): HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain…
CVE-2025-31966 — CVSS 2.7 (low): HCL Sametime is vulnerable to broken server-side validation. While the application performs client-side input checks, these are not…