CVE-2013-3985

CWE-264 | 4 documents | 4 sources
Severity: 2.9 LOW
EPSS: 0.1% (top 70.61%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Nov 9
Latest update: May 17

Description

The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote attackers to read session variables by leveraging a weak setting of the Domain variable.

CVSS vector

AV:A/AC:M/C:P/I:N/A:N
Exploitability: 5.5 | Impact: 2.9

Affected Packages (1 package)

NVD: ibm/lotus_sametime 8.5.2, 8.5.2.1 +1

🔴 Vulnerability Details (2)

GHSA: GHSA-qmc3-45w6-449f: The Enterprise Meeting Server in IBM Lotus Sametime 8 (2022-05-17)
CVEList: CVE-2013-3985: The Enterprise Meeting Server in IBM Lotus Sametime 8 (2013-11-09)

💬 Community (1)

Bugzilla: CVE-2014-3985 miniupnpc buffer overrun - network facing DoS crash (2014-04-09)