Main Vulnerability Database Vulnerabilities #VU41627

#VU41627 Improper Authentication in Sametime - CVE-2013-3977

Published: May 26, 2014 / Updated: August 11, 2020

Vulnerability identifier: #VU41627

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green

CVE-ID: CVE-2013-3977

CWE-ID: CWE-287

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Sametime

Software vendor:
IBM Corporation

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names.

Remediation

Install update from vendor's website.

External links

http://www-01.ibm.com/support/docview.wss?uid=swg21671201
https://exchange.xforce.ibmcloud.com/vulnerabilities/84901

#VU41627 Improper Authentication in Sametime - CVE-2013-3977

Description

Remediation

External links

Please verify you're human