Main Vulnerability Database Vulnerabilities #VU41626

Input validation error in Sametime - CVE-2013-3975

Published: May 26, 2014 / Updated: August 11, 2020

Vulnerability identifier: #VU41626

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green

CVE-ID: CVE-2013-3975

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: IBM Corporation

Affected software:
Sametime

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search.

How to mitigate CVE-2013-3975

Install update from vendor's website.

Sources

http://www-01.ibm.com/support/docview.wss?uid=swg21671201
https://exchange.xforce.ibmcloud.com/vulnerabilities/84855

Input validation error in Sametime - CVE-2013-3975

Detailed vulnerability description

How to mitigate CVE-2013-3975

Sources

Please verify you're human