Main Vulnerability Database Vulnerabilities #VU42093

Permissions, Privileges, and Access Controls in Sametime - CVE-2013-6727

Published: January 31, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU42093

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-6727

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
Sametime

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 before HF1 does not properly restrict unsigned Java plugins, which allows remote attackers to obtain sensitive information via unspecified vectors.

How to mitigate CVE-2013-6727

Install update from vendor's website.

Sources

http://www-01.ibm.com/support/docview.wss?uid=swg21662725
https://exchange.xforce.ibmcloud.com/vulnerabilities/89282

Permissions, Privileges, and Access Controls in Sametime - CVE-2013-6727

Detailed vulnerability description

How to mitigate CVE-2013-6727

Sources

Please verify you're human