Description
HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostname information is written in application logs and certain URLs.
Published: 2026-03-05
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive information disclosure
Action: Assess
AI Analysis

Impact

This vulnerability allows hostnames to be written in both application logs and certain URLs, exposing sensitive information that could aid in system enumeration or mapping. It is a classic case of insecure logging that violates confidentiality by leaking environment details and is classified under CWE-532.

Affected Systems

The affected product is HCL Software’s Sametime for iOS. No specific version range is provided, so all installations of this mobile collaboration app should be considered vulnerable unless a later release contains a fixed logging configuration.

Risk and Exploitability

The CVSS score of 3.3 indicates low severity, and the EPSS score of less than 1% indicates a very low likelihood of exploitation as of the current data. The vulnerability is not listed in the CISA KEV catalog. Exploitation likely requires the attacker to gain some level of access to the device or to intercept the logs or URLs that the application generates, so this is largely an opportunistic or local attack vector rather than a remote exploit.

Generated by OpenCVE AI on April 16, 2026 at 12:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Sametime for iOS application to the latest version provided by HCL that removes hostname disclosure from logs and URLs.
  • Configure the application or device logging level to a secure level that excludes hostnames, or apply a masking filter to log entries and URLs before they are stored or transmitted.
  • Regularly audit and sanitize logs and network traffic to ensure that no hostnames are exposed, and apply network or application‑level blocking of URLs that reveal internal hostnames if possible.

Advisories

No advisories yet.

History

Mon, 09 Mar 2026 18:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Hcltech; Hcltech sametime |
| CPEs | | cpe:2.3:a:hcltech:sametime:*:*:*:*:*:iphone_os:*:* |
| Vendors & Products | | Hcltech; Hcltech sametime |

Fri, 06 Mar 2026 15:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Hclsoftware; Hclsoftware sametime For Ios |
| Vendors & Products | | Hclsoftware; Hclsoftware sametime For Ios |

Thu, 05 Mar 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Thu, 05 Mar 2026 07:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostname information is written in application logs and certain URLs. |
| Title | | HCL Sametime for iOS is affected by sensitive information disclosure |
| Weaknesses | | CWE-532 |
| References | | |
| Metrics | | cvssV3_1: {'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'} |

MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-03-05T15:07:37.876Z

Reserved: 2026-01-05T16:08:02.277Z

Link: CVE-2026-21786

Vulnrichment

Updated: 2026-03-05T15:07:33.813Z

NVD

Status: Analyzed

Published: 2026-03-05T08:15:58.163

Modified: 2026-03-09T18:41:33.467

Link: CVE-2026-21786

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T12:45:35Z

Weaknesses