CVE-2013-3046 β€” Improper Authentication in IBM Sametime

CWE-287 β€” Improper Authentication3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 80.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Sametime
Timeline
PublishedMay 26
Latest updateMay 17

Description

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests.

CVSS vector

AV:A/AC:M/C:P/I:P/A:NExploitability: 5.5 | Impact: 4.9

Affected Packages1 packages

β–ΆNVDibm/sametime12 versions+11

πŸ”΄Vulnerability Details

2
GHSA
GHSA-pj2j-cmxg-76xc: The Meeting Server in IBM Sametime 8β†—2022-05-17
β–Ά
CVEList
CVE-2013-3046: The Meeting Server in IBM Sametime 8β†—2014-05-26
β–Ά
CVE-2013-3046 β€” Improper Authentication in IBM Sametime | cvebase