PT-2022-9849 · IBM · Notes+1

Published: 2022-05-06 · Updated: 2022-07-29 · CVE-2021-27760

CVSS v2.0: 6.0 (Medium)

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Notes versions 11.0 through 11.0.1 FP4

Description

An issue was discovered in the Sametime chat feature that allows an authenticated Sametime chat user to cause Remote Code Execution on another chat client by sending a specially formatted chat message containing JavaScript code.

Recommendations

For Notes versions 11.0 through 11.0.1 FP4, consider disabling the Sametime chat feature until a patch is available to prevent Remote Code Execution attacks. Restrict access to the Sametime chat module to minimize the risk of exploitation. Avoid using the Sametime chat feature in these versions until the issue is resolved.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2021-27760

Affected Products

Notes
Sametime