CVE-2013-3983Improper Input Validation in IBM Sametime

CWE-20Improper Input Validation3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 42.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Sametime
Timeline
PublishedFeb 14
Latest updateMay 17

Description

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDibm/sametime4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-hw9g-wm2x-4jf4: The Meeting Server in IBM Sametime 82022-05-17
CVEList
CVE-2013-3983: The Meeting Server in IBM Sametime 82014-02-13
CVE-2013-3983 — Improper Input Validation in IBM | cvebase