CVE-2013-3983

Name of the Vulnerable Software and Affected Versions IBM Sametime versions 8.5.2 through 8.5.2.1 IBM Sametime versions 9.x through 9.0.0.1

Description The issue concerns the Meeting Server in IBM Sametime, where it fails to validate URLs in Cookie headers before using them in redirects. This has an unspecified impact and can be exploited through remote attack vectors.

Recommendations For IBM Sametime versions 8.5.2 through 8.5.2.1, update to a version that includes the fix for this issue. For IBM Sametime versions 9.x through 9.0.0.1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of the Meeting Server feature until a patch is available.