Incorrect Default Permissions
CVE-2022-42446
Summary
Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- LOW
- LOW
CWE-276 - Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
References
Advisory Timeline
- Published
