GCVE - cpe:2.3:a:hcl:sametime:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:hcl:sametime:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Hcl (`1d3f8112-3eea-57b2-9fe3-0239de9402c9`)
Product	Sametime (`02b11915-f03e-5c22-b3d6-1e0490f11072`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-21791`	vulnerable	2026-06-03 15:15:51.655164	HCL Sametime for Android is affected by sensitive information disclosure LOW (3.3) HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL Published: 2026-03-10T10:10:58.430Z Updated: 2026-03-10T16:51:09.483Z Open on db.gcve.eu Reference links https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129451	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-62320`	vulnerable	2026-06-03 15:07:58.612633	HTML Injection Leading to Data Exfiltration to External Server vulnerability affects HCL Unica Platform MEDIUM (4.7) HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external resources included in that HTML, which can cause unexpected requests from the user’s browser. Published: 2026-03-17T12:02:08.881Z Updated: 2026-03-17T12:56:51.604Z Open on db.gcve.eu Reference links https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129460	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-31966`	vulnerable	2026-06-03 15:00:39.736101	Boolean-Based SQL Injection in Multiple Unica Components LOW (2.7) HCL Sametime is vulnerable to broken server-side validation. While the application performs client-side input checks, these are not enforced by the web server. An attacker can bypass these restrictions by sending manipulated HTTP requests directly to the server. Published: 2026-03-17T11:29:21.144Z Updated: 2026-03-17T12:57:24.795Z Open on db.gcve.eu Reference links https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124722	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.