Main Vulnerability Database Vulnerabilities #VU41620

#VU41620 Information disclosure in Sametime - CVE-2013-3982

Published: May 26, 2014 / Updated: August 11, 2020

Vulnerability identifier: #VU41620

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green

CVE-ID: CVE-2013-3982

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Sametime

Software vendor:
IBM Corporation

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page.

Remediation

Install update from vendor's website.

External links

http://www-01.ibm.com/support/docview.wss?uid=swg21671201
https://exchange.xforce.ibmcloud.com/vulnerabilities/84908