CVE-2014-0906
published 2014-05-26CVE-2014-0906: The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote…
medium4.3CVSS 3.1
AVNACMAuNCNIPAN
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a (1) expired or (2) invalidated cookie.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | sametime | — | — |
| ibm | sametime | — | — |
| ibm | sametime | — | — |
| ibm | sametime | — | — |
| ibm | sametime | — | — |
| ibm | sametime | — | — |
| ibm | sametime | — | — |
| ibm | sametime | — | — |
| ibm | sametime | — | — |
| ibm | sametime | — | — |
| ibm | sametime | — | — |