#VU41626 Input validation error in Sametime - CVE-2013-3975
Vulnerability identifier: #VU41626
Vulnerability risk: Medium
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
Sametime
Client/Desktop applications /
Messaging software
Vendor: IBM Corporation
Description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Sametime: 8.0.0.0 - 9.0.0.1
External links
https://www-01.ibm.com/support/docview.wss?uid=swg21671201
https://exchange.xforce.ibmcloud.com/vulnerabilities/84855
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
