CVE-2013-3984

Name of the Vulnerable Software and Affected Versions IBM Sametime versions 8.x through 8.5.2.1 IBM Sametime versions 9.x through 9.0.0.1

Description The issue concerns the Meeting Server in IBM Sametime, where it fails to set the secure flag for a cookie during an https session. This makes it easier for remote attackers to capture the cookie by intercepting its transmission within an http session.

Recommendations For IBM Sametime versions 8.x through 8.5.2.1, update to a version that sets the secure flag for the cookie. For IBM Sametime versions 9.x through 9.0.0.1, update to a version that sets the secure flag for the cookie. As a temporary workaround, consider restricting access to the Meeting Server to minimize the risk of exploitation.