PT-2022-9859 · Ibm · Sametime

Published

2022-05-12

Updated

2022-05-24

CVE-2021-27771

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions Sametime chat application (affected versions not specified)

Description The issue allows modification of the User SID, which can result in Arbitrary File Upload or deletion of directories, causing a Denial of Service. Users of the Sametime chat application hold a cookie containing their session ID (SID), used for sending chat messages, receiving notifications, and/or transferring files.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22CWE-434

Related Identifiers

CVE-2021-27771

Affected Products

Sametime

PT-2022-9859 · Ibm · Sametime

CVE-2021-27771

Weakness Enumeration

Related Identifiers

Affected Products

References · 4