SB2014021404 - Multiple vulnerabilities in IBM Sametime 




Published: February 14, 2014 Updated: August 10, 2020

Security Bulletin ID SB2014021404
Severity Medium
Patch available NO
Number of vulnerabilities 14
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 79%, Low 21%

Description

This security bulletin contains information about 14 security vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2014-3867)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2013-3984.


2) Information disclosure (CVE-ID: CVE-2013-3982)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page.


3) Cross-site scripting (CVE-ID: CVE-2014-3014)

The vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability is caused by an input validation error in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1. A remote authenticated attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim's browser in the security context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


4) Improper Authentication (CVE-ID: CVE-2013-3046)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests.


5) Input validation error (CVE-ID: CVE-2013-3975)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search.


6) Improper Authentication (CVE-ID: CVE-2013-3977)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names.


7) Input validation error (CVE-ID: CVE-2013-3980)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room unusability) by generating a large number of fictitious users to enter a meeting room.


8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-3981)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors.


9) Credentials management (CVE-ID: CVE-2014-0890)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive information by reading a log file.


10) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-3978)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.


11) Input validation error (CVE-ID: CVE-2013-3983)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors.


12) Input validation error (CVE-ID: CVE-2013-3988)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.


13) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-6742)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.


14) Cross-site scripting (CVE-ID: CVE-2013-6743)

The vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability is caused by an input validation error in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1. A remote authenticated attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim's browser in the security context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.
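
Items 1, 4, 10 and 12 each describe a response-header protection that an administrator can verify from outside the server. The following is an added example, not code from this bulletin or from IBM: it audits a raw HTTP response for those four gaps. The bulletin does not name the headers for items 10 and 12, so the checks for `Cache-Control: no-store` and `X-Frame-Options` / CSP `frame-ancestors` are assumptions based on the commonly used mitigations; the sample responses and cookie names are constructed.

```python
def parse_headers(raw: str) -> list[tuple[str, str]]:
    """Return (lowercased name, value) pairs from a raw HTTP response head."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit_response(raw: str) -> list[str]:
    """List missing protections, in the order of bulletin items 1, 4, 10, 12."""
    pairs = parse_headers(raw)
    def values(name: str) -> list[str]:
        return [v for k, v in pairs if k == name]
    findings = []
    # Item 1: each Set-Cookie header is separate and needs its own HttpOnly.
    for cookie in values("set-cookie"):
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "httponly" not in attrs:
            findings.append("cookie-without-httponly:" + cookie.split("=", 1)[0])
    # Item 4: HSTS must be present, and max-age=0 switches it off again.
    hsts = ";".join(values("strict-transport-security")).lower().replace(" ", "")
    if "max-age=" not in hsts or "max-age=0" in hsts.split(";"):
        findings.append("missing-hsts")
    # Item 10 (assumed mitigation): no-store keeps the page out of browser cache.
    if "no-store" not in ",".join(values("cache-control")).lower():
        findings.append("cacheable-response")
    # Item 12 (assumed mitigation): either framing control is accepted.
    csp = ";".join(values("content-security-policy")).lower()
    if not values("x-frame-options") and "frame-ancestors" not in csp:
        findings.append("framable-response")
    return findings

# Constructed sample responses; DEMOSESSION and lang are made-up cookie names.
SAMPLE_WEAK = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
    "Set-Cookie: DEMOSESSION=abc123; Path=/; Secure\r\n"
    "Set-Cookie: lang=en; HttpOnly\r\n\r\n<html></html>"
)
SAMPLE_HARDENED = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
    "Set-Cookie: DEMOSESSION=abc123; Path=/; Secure; HttpOnly\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Cache-Control: no-store\r\n"
    "Content-Security-Policy: frame-ancestors 'none'\r\n\r\n<html></html>"
)

if __name__ == "__main__":
    print(audit_response(SAMPLE_WEAK))
    print(audit_response(SAMPLE_HARDENED))
```
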