CVE-2013-3977Improper Authentication in IBM Sametime

CWE-287Improper Authentication3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
29.1%
top 3.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Sametime
Timeline
PublishedMay 26
Latest updateMay 17

Description

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDibm/sametime12 versions+11

🔴Vulnerability Details

2
GHSA
GHSA-8x8p-v7x6-7pfq: The Meeting Server in IBM Sametime 82022-05-17
CVEList
CVE-2013-3977: The Meeting Server in IBM Sametime 82014-05-26
CVE-2013-3977 — Improper Authentication in IBM Sametime | cvebase