{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21791", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2026-01-05T16:08:03.878Z", "datePublished": "2026-03-10T10:10:58.430Z", "dateUpdated": "2026-03-10T16:51:09.483Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-03-10T10:10:58.430Z"}, "title": "HCL Sametime for Android is affected by sensitive information disclosure", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-532", "description": "CWE-532 Insertion of sensitive information into log file", "type": "CWE"}]}], "affected": [{"vendor": "HCL", "product": "Sametime", "versions": [{"status": "affected", "version": "Android 12.0.21"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL", "supportingMedia": [{"type": "text/html", "base64": false, "value": "HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL"}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129451"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-10T15:35:46.418271Z", "id": "CVE-2026-21791", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T16:51:09.483Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21791", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-10T15:35:46.418271Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T15:35:47.472Z"}}], "cna": {"title": "HCL Sametime for Android is affected by sensitive information disclosure", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HCL", "product": "Sametime", "versions": [{"status": "affected", "version": "Android 12.0.21"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129451"}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL", "supportingMedia": [{"type": "text/html", "value": "HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of sensitive information into log file"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-03-10T10:10:58.430Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21791", "state": "PUBLISHED", "dateUpdated": "2026-03-10T16:51:09.483Z", "dateReserved": "2026-01-05T16:08:03.878Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2026-03-10T10:10:58.430Z", "assignerShortName": "HCL"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:sametime:*:*:*:*:*:android:*:*", "matchCriteriaId": "39B467B5-DFD7-4447-9B65-3B021311C311", "versionEndExcluding": "12.0.22", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL"}, {"lang": "es", "value": "HCL Sametime para Android se ve afectado por una revelaci\u00f3n de informaci\u00f3n sensible. La informaci\u00f3n de los nombres de host se escribe en los registros de la aplicaci\u00f3n y en ciertas URL."}], "id": "CVE-2026-21791", "lastModified": "2026-05-07T20:05:12.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2026-03-10T18:18:06.560", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129451"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "psirt@hcl.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "Android 12.0.21"}}], "enrichment": {"confidence": 86.0, "confidence_source": "matching", "scores": [{"score": 86.0, "source": "matching"}]}, "original": {"product": "Sametime", "source": "cna", "vendor": "HCL"}, "product": "sametime", "vendor": "hcltech"}], "analysis": {"en": {"generated_at": "2026-04-16T09:52:18.674454+00:00", "value": {"mitigation_remediation": ["Disable or restrict application logging of hostnames and URLs to prevent sensitive data from being captured.", "Apply the vendor\u2019s latest update or patch as soon as it becomes available.", "Configure log file permissions to ensure that only authorized administrators can read them."], "summary": {"action": "Review Logs", "impact": "Sensitive Information Disclosure"}, "threat_synthesis": {"affected_systems": "The affected product is HCL Sametime for Android. No specific version information was supplied, so all current releases of this application should be treated as potentially vulnerable until an official patch or update is issued by the vendor.", "description_and_impact": "A vulnerability in HCL Sametime for Android allows hostnames to be written to application logs and reveals certain URLs. This exposes potentially sensitive configuration details to anyone who can read the logs, thereby increasing the risk of reconnaissance and targeting. The weakness is identified as CWE-532, a sensitive data exposure flaw that can compromise privacy or aid in further exploitation.", "risk_and_exploitability": "The CVSS score of 3.3 classifies this flaw as low severity, and the EPSS score indicates a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The most likely attack scenario involves an attacker with access to the device or its local storage, reading the log files to harvest exposed hostnames and URLs. Because the exploit requires only local or accessible log reading, the risk to remote attackers is limited. Nonetheless, the exposed information could assist in future attacks or data exfiltration."}}}}, "created": "2026-03-11T11:50:21.099056+00:00", "updated": "2026-04-16T10:00:14.067354+00:00", "vendors": ["hcltech", "hcltech$PRODUCT$sametime"]}