CVE-2025-31966

{"id": "CVE-2025-31966", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.2}]}, "published": "2026-03-17T12:16:12.337", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124722", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@hcl.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "HCL Sametime is vulnerable to broken server-side validation. While the application performs client-side input checks, these are not enforced by the web server. An attacker can bypass these restrictions by sending manipulated HTTP requests directly to the server."}, {"lang": "es", "value": "HCL Sametime es vulnerable a una validaci\u00f3n rota del lado del servidor. Aunque la aplicaci\u00f3n realiza comprobaciones de entrada del lado del cliente, estas no son aplicadas por el servidor web. Un atacante puede eludir estas restricciones enviando solicitudes HTTP manipuladas directamente al servidor."}], "lastModified": "2026-03-31T21:06:04.083", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:sametime:*:*:*:*:*:-:*:*", "vulnerable": true, "matchCriteriaId": "B4DDE282-CD1A-4F62-BE5C-AB81CCC702B1", "versionEndExcluding": "12.0.3"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}