Main Vulnerability Database Exploits ID:3949 - Exploit for Improper Authentication in Sametime - CVE-2013-3977

ID:3949 - Exploit for Improper Authentication in Sametime - CVE-2013-3977

Published: August 11, 2020

Vulnerability identifier: #VU41627

Vulnerability risk: Medium

CVE-ID: CVE-2013-3977

CWE-ID: CWE-287

Exploitation vector: Remote access

Vulnerable software:
Sametime

Link to public exploit:

https://www.rapid7.com/db/modules/auxiliary/gather/ibm_sametime_room_brute

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names.

Remediation

Install update from vendor's website.

ID:3949 - Exploit for Improper Authentication in Sametime - CVE-2013-3977

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human