Main Vulnerability Database Vulnerabilities #VU38378

Information disclosure in Sametime - CVE-2016-0358

Published: August 29, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38378

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-0358

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
Sametime

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. IBM X-Force ID: 111928.

How to mitigate CVE-2016-0358

Install update from vendor's website.

Sources

http://www.ibm.com/support/docview.wss?uid=swg22006441
http://www.securityfocus.com/bid/100572
https://exchange.xforce.ibmcloud.com/vulnerabilities/111928

Information disclosure in Sametime - CVE-2016-0358

Detailed vulnerability description

How to mitigate CVE-2016-0358

Sources

Please verify you're human