Description
HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL
Published: 2026-03-10
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Information Disclosure
Action: Review Logs
AI Analysis

Impact

A vulnerability in HCL Sametime for Android allows hostnames to be written to application logs and reveals certain URLs. This exposes potentially sensitive configuration details to anyone who can read the logs, thereby increasing the risk of reconnaissance and targeting. The weakness is identified as CWE-532, a sensitive data exposure flaw that can compromise privacy or aid in further exploitation.

Affected Systems

The affected product is HCL Sametime for Android. No specific version information was supplied, so all current releases of this application should be treated as potentially vulnerable until an official patch or update is issued by the vendor.

Risk and Exploitability

The CVSS score of 3.3 classifies this flaw as low severity, and the EPSS score indicates a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The most likely attack scenario involves an attacker who already has access to the device or its local storage reading the log files to harvest the exposed hostnames and URLs. Because exploitation requires local access to the logs, the risk from remote attackers is limited. Nonetheless, the exposed information could assist in future attacks or data exfiltration.

Generated by OpenCVE AI on April 16, 2026 at 09:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable or restrict application logging of hostnames and URLs to prevent sensitive data from being captured.
  • Apply the vendor’s latest update or patch as soon as it becomes available.
  • Configure log file permissions to ensure that only authorized administrators can read them.

Advisories

No advisories yet.

History

Thu, 07 May 2026 20:15:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:hcltech:sametime:*:*:*:*:*:android:*:*

Wed, 11 Mar 2026 12:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Hcltech; Hcltech sametime
Vendors & Products | | Hcltech; Hcltech sametime

Tue, 10 Mar 2026 18:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Mar 2026 10:30:00 +0000

Type | Values Removed | Values Added
Description | | HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL
Title | | HCL Sametime for Android is affected by sensitive information disclosure
Weaknesses | | CWE-532
References | |
Metrics | | cvssV3_1 {'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-03-10T16:51:09.483Z

Reserved: 2026-01-05T16:08:03.878Z

Link: CVE-2026-21791

Vulnrichment

Updated: 2026-03-10T15:35:47.472Z

NVD

Status: Analyzed

Published: 2026-03-10T18:18:06.560

Modified: 2026-05-07T20:05:12.720

Link: CVE-2026-21791

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T10:00:14Z

Weaknesses