CVE-2013-3978IBM Sametime vulnerability

CWE-2643 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.2%
top 56.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Sametime
Timeline
PublishedFeb 14
Latest updateMay 17

Description

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDibm/sametime4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-jx2c-g5jx-5fj7: The Meeting Server in IBM Sametime 82022-05-17
CVEList
CVE-2013-3978: The Meeting Server in IBM Sametime 82014-02-13
CVE-2013-3978 — IBM Sametime vulnerability | cvebase