Main Vulnerability Database Vulnerabilities #VU41620

Information disclosure in Sametime - CVE-2013-3982

Published: May 26, 2014 / Updated: August 11, 2020

Vulnerability identifier: #VU41620

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green

CVE-ID: CVE-2013-3982

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: IBM Corporation

Affected software:
Sametime

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page.

How to mitigate CVE-2013-3982

Install update from vendor's website.

Sources

http://www-01.ibm.com/support/docview.wss?uid=swg21671201
https://exchange.xforce.ibmcloud.com/vulnerabilities/84908

Information disclosure in Sametime - CVE-2013-3982

Detailed vulnerability description

How to mitigate CVE-2013-3982

Sources

Please verify you're human