CVE-2021-27760

An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
HCLCNA
4.6 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
hcltechhcl_inotes
11.0.0
hcltechhcl_inotes
11.0.1
hcltechhcl_inotes
11.0.1:fixpack1
hcltechhcl_inotes
11.0.1:fixpack2
hcltechhcl_inotes
11.0.1:fixpack3
hcltechhcl_inotes
11.0.1:fixpack4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097670
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097670