Main Vulnerability Database Vulnerabilities #VU41627

Improper Authentication in Sametime - CVE-2013-3977

Published: May 26, 2014 / Updated: August 11, 2020

Vulnerability identifier: #VU41627

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green

CVE-ID: CVE-2013-3977

CWE-ID: CWE-287

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: IBM Corporation

Affected software:
Sametime

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names.

How to mitigate CVE-2013-3977

Install update from vendor's website.

Sources

http://www-01.ibm.com/support/docview.wss?uid=swg21671201
https://exchange.xforce.ibmcloud.com/vulnerabilities/84901

Improper Authentication in Sametime - CVE-2013-3977

Detailed vulnerability description

How to mitigate CVE-2013-3977

Sources

Please verify you're human