Main Vulnerability Database Vulnerabilities #VU41629

Permissions, Privileges, and Access Controls in Sametime - CVE-2013-3981

Published: May 26, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41629

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-3981

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
Sametime

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors.

How to mitigate CVE-2013-3981

Install update from vendor's website.

Sources

http://www-01.ibm.com/support/docview.wss?uid=swg21671201
https://exchange.xforce.ibmcloud.com/vulnerabilities/84907

Permissions, Privileges, and Access Controls in Sametime - CVE-2013-3981

Detailed vulnerability description

How to mitigate CVE-2013-3981

Sources

Please verify you're human