CVE-2014-0906 — IBM Sametime vulnerability

CWE-2643 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 55.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Sametime

Timeline

PublishedMay 26

Latest updateMay 17

Description

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a (1) expired or (2) invalidated cookie.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/sametime11 versions+10

🔴Vulnerability Details

GHSA

GHSA-vhx8-2787-4h6v: The Meeting Server in IBM Sametime 8↗2022-05-17

▶

CVEList

CVE-2014-0906: The Meeting Server in IBM Sametime 8↗2014-05-26

▶