{
  "id": "CVE-2022-42446",
  "sourceIdentifier": "psirt@hcl.com",
  "published": "2022-12-12T13:15:14.797",
  "lastModified": "2024-11-21T07:24:59.017",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users.\n"
    },
    {
      "lang": "es",
      "value": "A partir de Sametime 12, los usuarios an\u00f3nimos est\u00e1n habilitados de forma predeterminada. Despu\u00e9s de iniciar sesi\u00f3n como usuario an\u00f3nimo, uno tiene la posibilidad de explorar el directorio de usuarios y potencialmente crear chats con usuarios internos."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "psirt@hcl.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "LOW"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:hcltech:sametime:12.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "66902941-C293-45D5-8759-1531DFE16409"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:hcltech:sametime:12.0:fp1:*:*:*:*:*:*",
              "matchCriteriaId": "90E316D2-1E1E-4BEA-855A-D0A6BD2E3584"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101768",
      "source": "psirt@hcl.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101768",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ]
    }
  ]
}