{"api_version":"1","generated_at":"2026-04-23T09:40:05+00:00","cve":"CVE-2021-27772","urls":{"html":"https://cve.report/CVE-2021-27772","api":"https://cve.report/api/cve/CVE-2021-27772.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-27772","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-27772"},"summary":{"title":"CVE-2021-27772","description":"Users are able to read group conversations without actively taking part in them. Next to one to one conversations, users are able to start group conversations with multiple users. It was found possible to obtain the contents of these group conversations without being part of it. This could lead to information leakage where confidential information discussed in private groups is read by other users without the users knowledge.","state":"PUBLIC","assigner":"psirt@hcl.com","published_at":"2022-05-12 22:15:00","updated_at":"2022-07-29 13:45:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097430","name":"https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097430","refsource":"MISC","tags":[],"title":"Security Bulletin: Multiple security fixes available for HCL Sametime Proxy and Web chat client - Customer Support","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-27772","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27772","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"27772","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hcltech","cpe5":"sametime","cpe6":"11.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@hcl.com","DATE_PUBLIC":"2022-04-15T00:00:00.000Z","ID":"CVE-2021-27772","STATE":"PUBLIC","TITLE":"HCL Sametime is vulnerable to an information disclosure"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Sametime","version":{"version_data":[{"version_value":"11.6"}]}}]},"vendor_name":"HCL Software"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Users are able to read group conversations without actively taking part in them. Next to one to one conversations, users are able to start group conversations with multiple users. It was found possible to obtain the contents of these group conversations without being part of it. This could lead to information leakage where confidential information discussed in private groups is read by other users without the users knowledge."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":7.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-285 Improper Authorization"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097430","name":"https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097430"}]},"source":{"discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2022-05-12 22:15:00","lastModifiedDate":"2022-07-29 13:45:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hcltech:sametime:11.6:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"27772","Ordinal":"202884","Title":"CVE-2021-27772","CVE":"CVE-2021-27772","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"27772","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}