Information disclosure in Sametime - CVE-2016-2974

 


Published: August 29, 2017 / Updated: August 8, 2020


Vulnerability identifier: #VU38382
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-2974
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: IBM Corporation
Affected software: Sametime

Detailed vulnerability description

The vulnerability allows a local authenticated user to gain access to sensitive information.

After the Sametime Rich Client is uninstalled, IBM Sametime Connect 8.5.2 and 9.0 could disclose potentially sensitive information about the Sametime environment and about other users on the user's local machine. IBM X-Force ID: 113934.


How to mitigate CVE-2016-2974

Install the update from the vendor's website.
