CVE-2013-3985

Name of the Vulnerable Software and Affected Versions IBM Lotus Sametime versions 8.5.2 through 8.5.2.1

Description The issue concerns a problem with the Enterprise Meeting Server in IBM Lotus Sametime, where application cookies are not properly restricted. This allows remote attackers to read session variables by exploiting a weak setting of the Domain variable.

Recommendations For versions 8.5.2 through 8.5.2.1, consider restricting access to sensitive session variables until a proper fix is applied to the Domain variable setting. As a temporary workaround, review and strengthen the Domain variable settings to prevent unauthorized access.