CVE-2022-42446 MEDIUM

CVE-2022-42446: HCL Sametime 12.0 and 12.0FP1 anonymous users have directory lookup access

Vendor HCL Software
Product HCL Sametime
Published November 30, 2022
Last update April 24, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

What the vulnerability does

01 Description

Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users.

Key dates

02 Disclosure timeline

November 30, 2022 CVE published
April 24, 2025 Record updated