PT-2022-26437 · IBM · Sametime
Published: 2022-11-30 · Updated: 2022-12-15 · CVE-2022-42446
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Sametime versions 12 and later
Description
The issue allows anonymous users to browse the User Directory and potentially create chats with internal users after logging in.
Recommendations
For Sametime version 12 and later, consider disabling anonymous user access to restrict the ability to browse the User Directory and create chats with internal users.
Fix
Incorrect Default Permissions
Weakness Enumeration
Related Identifiers
Affected Products
Sametime