CVE-2014-3867Sensitive Information Exposure in IBM Sametime

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.0MEDIUMNVD
CNA2.9
EPSS
0.3%
top 51.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Sametime
Timeline
PublishedMay 26
Latest updateMay 17

Description

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2013-3984.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDibm/sametime12 versions+11

🔴Vulnerability Details

2
GHSA
GHSA-jj7f-gj82-922p: The Meeting Server in IBM Sametime 82022-05-17
CVEList
CVE-2014-3867: The Meeting Server in IBM Sametime 82014-05-26
CVE-2014-3867 — Sensitive Information Exposure in IBM | cvebase