CVE-2011-1370

CWE-163 documents3 sources
Severity
5.0MEDIUM
EPSS
0.3%
top 51.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Lotus Sametime
Timeline
PublishedOct 29
Latest updateMay 17

Description

The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDibm/lotus_sametime12 versions+11

🔴Vulnerability Details

2
GHSA
GHSA-vg3h-2vxq-p9cc: The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 72022-05-17
CVEList
CVE-2011-1370: The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 72011-10-29
CVE-2011-1370 (MEDIUM CVSS 5) | The default configuration of the Sa | cvebase.io