Main Vulnerability Database Vulnerabilities #VU41629

#VU41629 Permissions, Privileges, and Access Controls in Sametime - CVE-2013-3981

Published: May 26, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41629

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-3981

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Sametime

Software vendor:
IBM Corporation

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors.

Remediation

Install update from vendor's website.

External links

http://www-01.ibm.com/support/docview.wss?uid=swg21671201
https://exchange.xforce.ibmcloud.com/vulnerabilities/84907

#VU41629 Permissions, Privileges, and Access Controls in Sametime - CVE-2013-3981

Description

Remediation

External links

Please verify you're human