CVE-2013-3984Sensitive Information Exposure in IBM Sametime

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
2.9LOWNVD
EPSS
0.1%
top 70.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Sametime
Timeline
PublishedMay 26
Latest updateMay 17

Description

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

CVSS vector

AV:A/AC:M/C:P/I:N/A:NExploitability: 5.5 | Impact: 2.9

Affected Packages1 packages

NVDibm/sametime11 versions+10

🔴Vulnerability Details

2
GHSA
GHSA-26pr-grxv-7v6g: The Meeting Server in IBM Sametime 82022-05-17
CVEList
CVE-2013-3984: The Meeting Server in IBM Sametime 82014-05-26
CVE-2013-3984 — Sensitive Information Exposure in IBM | cvebase