Primary

Context

HCL Sametime for iOS Sensitive Information Disclosure Vulnerability

Vulnerability

Patched

A sensitive information disclosure vulnerability has been identified in HCL Sametime for iOS, specifically in versions through 12.0.25. This vulnerability allows hostnames to be inadvertently logged in application logs and certain URLs, potentially exposing sensitive information.

Impact

Exploitation of this vulnerability leads to unauthorized disclosure of sensitive information, specifically hostnames, which could be used in further attacks or to compromise user privacy.

Remediation

Users are advised to upgrade to HCL Sametime for iOS version 12.0.26. The latest version can be downloaded from the App Store.

Added: Mar 5, 2026, 8:21 AM

Updated: Mar 5, 2026, 8:21 AM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

0.6

exploitability

3.1

remediation

7.7

relevance

3.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

0.6

exploitability

3.1

remediation

7.7

relevance

3.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HCL Sametime for iOS Sensitive Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

HCL Sametime

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating