CVE-2021-27770

HCL Sametime is vulnerable to arbitrary HTTP requests

CVSS 6.8 MEDIUM · EPSS 0.7% · CWE-472 (External Control of Assumed-Immutable Web Parameter)
In short

HCL Sametime's FaviconService accepts a base64-encoded URL and fetches it from the server, allowing attackers to make arbitrary HTTP requests to internal or external systems by manipulating the URL parameter passed through the meetings function.

Technical detail

The FaviconService endpoint accepts a base64-encoded URL and requests it from the server side without validating the decoded target, which is a Server-Side Request Forgery (SSRF) flaw. An authenticated attacker who can influence the URL passed through the meetings function can make the Sametime server issue HTTP requests on their behalf, reaching internal resources that the server can see but the attacker cannot, bypassing network filtering that trusts the server, or probing the internal network.

Summary generated and translated by AI from the official description.

Official description: The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings”-function where users can specify an external URL where the online meeting will take place.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
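As an added, hypothetical illustration of the check that the description implies is missing (this is not HCL's code or fix; every name here is an assumption), the decoded URL is validated against an allow-list of schemes and ports, and every address the host resolves to must be public before any request is issued.

```python
import base64
import ipaddress
import socket
from urllib.parse import urlparse

# Hypothetical hardening for a "fetch the favicon of a user-supplied URL" feature.
# Added example, not HCL Sametime code; all names and constants are assumptions.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}

def encode_url_param(url: str) -> str:
    """Encode a URL the way the client would (used here to build test input)."""
    return base64.b64encode(url.encode("utf-8")).decode("ascii")

def is_public(ip) -> bool:
    """Reject loopback, RFC 1918, link-local, multicast and reserved ranges."""
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def dns_resolver(host: str):
    return [r[4][0] for r in socket.getaddrinfo(host, None)]  # every A/AAAA answer

def validate_favicon_target(param: str, resolver=dns_resolver):
    """Return (accepted, reason, decoded_url). Run BEFORE any request is made."""
    try:
        url = base64.b64decode(param, validate=True).decode("utf-8")
    except ValueError:  # binascii.Error and UnicodeDecodeError both subclass it
        return False, "malformed base64", None
    try:
        p = urlparse(url)
        port = p.port  # raises ValueError on junk such as ':abc'
    except ValueError:
        return False, "unparseable url", url
    if p.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed", url
    if not p.hostname or p.username or p.password:
        return False, "missing host or embedded credentials", url
    if (port or (443 if p.scheme == "https" else 80)) not in ALLOWED_PORTS:
        return False, "port not allowed", url
    try:  # IP literals are checked directly; names must resolve to public IPs only
        addrs = [ipaddress.ip_address(p.hostname)]
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(p.hostname)]
        except (OSError, ValueError):
            addrs = []
    if not addrs or not all(is_public(a) for a in addrs):
        return False, "target is not a public address", url
    # Caller must connect to the checked address and re-validate on every redirect,
    # otherwise DNS rebinding or a 302 to an internal host bypasses this check.
    return True, "ok", url
```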
Affected products
HCL Software · Sametime
