PT-2011-2828 · IBM · IBM Lotus Sametime

Dave Daly · Published 2011-02-22 · Updated 2018-10-09 · CVE-2011-1038

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: IBM Lotus Sametime version 8.0.1
Description: Multiple cross-site scripting (XSS) vulnerabilities exist in the stconf.nsf component of the IBM Lotus Sametime server. A remote, unauthenticated attacker can inject arbitrary web script or HTML that is reflected into the response through either of two sinks: (1) the messageString parameter of a "WebMessage" action, or (2) the PATH_INFO portion of the request URL. As the CVSS vector indicates (AC:M, I:P), exploitation requires a victim to open a crafted link, and the direct impact is on integrity: script executing in the victim's browser in the origin of the Sametime server.
Recommendations: For IBM Lotus Sametime version 8.0.1, apply the vendor fix as soon as it is available. Until then, restrict access to the stconf.nsf component (for example, through the Domino database ACL or at a reverse proxy in front of the server) so that only trusted networks can reach it, and reject or log requests to stconf.nsf whose messageString parameter or path segment contains markup characters such as "<", ">" or quotes. Note that an access restriction only reduces exposure; it does not remove the reflection, so the fix must still be applied.
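The following script is an added example for this advisory; it is not code from the advisory, from Positive Technologies or from IBM. It builds a harmless probe for each of the two documented sinks (the messageString parameter of the WebMessage action and the PATH_INFO after stconf.nsf), reports whether the probe comes back unencoded, and, for the interim period before the fix is applied, flags access-log lines that carry markup into either sink. The URL shapes in PROBE_TEMPLATES, the canary string and the sample log lines are assumptions constructed for the example, not values taken from the page.

```python
"""Probe and log-detection helper for the two stconf.nsf XSS sinks in CVE-2011-1038.

Added example, not from the advisory or from IBM. Assumptions (not stated on the
page): the WebMessage action is reached as /stconf.nsf/WebMessage?messageString=<value>,
and the PATH_INFO sink is the path segment appended after stconf.nsf. Adjust
PROBE_TEMPLATES if the server you test lays its URLs out differently.
"""
import re
import sys
import urllib.parse
import urllib.request

# Harmless canary: contains the characters a reflecting sink must encode
# (<, >, ", ') but no executable markup, so probing a live host is safe.
CANARY = 'ptcanary<">\'x'

PROBE_TEMPLATES = {
    # (1) messageString parameter of the WebMessage action (assumed URL shape)
    "messageString": "/stconf.nsf/WebMessage?messageString={value}",
    # (2) PATH_INFO appended after the database name (assumed URL shape)
    "PATH_INFO": "/stconf.nsf/{value}",
}


def build_probe_urls(base_url: str, canary: str = CANARY) -> dict:
    """Return {sink_name: absolute probe URL} for the two documented sinks."""
    base = base_url.rstrip("/")
    quoted = urllib.parse.quote(canary, safe="")
    return {name: base + tpl.format(value=quoted) for name, tpl in PROBE_TEMPLATES.items()}


def reflected_unencoded(body: str, canary: str = CANARY) -> bool:
    """True when the raw canary (with its literal '<') appears in the response body.

    A server that HTML-encodes the reflection returns '&lt;', '&quot;' etc.
    instead, so the raw canary is absent and the sink is not exploitable this way.
    """
    return canary in body


def probe_live(base_url: str, timeout: float = 10.0) -> dict:
    """Fetch each probe URL and report which sinks reflect the canary unencoded."""
    results = {}
    for name, url in build_probe_urls(base_url).items():
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                body = resp.read().decode("utf-8", errors="replace")
        except Exception as exc:  # report the failure and keep scanning the other sink
            results[name] = f"error: {exc}"
            continue
        results[name] = "reflected unencoded" if reflected_unencoded(body) else "encoded or not reflected"
    return results


# Interim detection: flag requests that carry markup into either stconf.nsf sink.
_REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<path>/stconf\.nsf[^ "]*)')
_MARKUP_RE = re.compile(r"[<>]|%3c|%3e|javascript:|onerror=|onload=", re.IGNORECASE)


def suspicious_requests(log_lines) -> list:
    """Return request paths from access-log lines that target stconf.nsf with markup.

    The path is URL-decoded before matching so percent-encoded payloads are caught;
    the raw %3c/%3e alternatives additionally catch double-encoded ones.
    """
    hits = []
    for line in log_lines:
        m = _REQUEST_RE.search(line)
        if not m:
            continue
        path = m.group("path")
        if _MARKUP_RE.search(urllib.parse.unquote(path)):
            hits.append(path)
    return hits


# Constructed sample log lines (common log format), not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [22/Feb/2011:10:00:01 +0000] "GET /stconf.nsf/WebMessage?messageString=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512',
    '10.0.0.5 - - [22/Feb/2011:10:00:02 +0000] "GET /stconf.nsf/WebMessage?messageString=Hello HTTP/1.1" 200 512',
    '10.0.0.6 - - [22/Feb/2011:10:00:03 +0000] "GET /stconf.nsf/%3Cimg%20src=x%20onerror=alert(1)%3E HTTP/1.1" 404 0',
    '10.0.0.7 - - [22/Feb/2011:10:00:04 +0000] "GET /names.nsf?Open HTTP/1.1" 200 100',
]


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: stconf_xss_check.py https://sametime.example.com")
    for sink, verdict in probe_live(sys.argv[1]).items():
        print(f"{sink}: {verdict}")
```

Run it against a base URL to probe a server you are authorised to test; with no arguments only the offline helpers are loaded. On the constructed log, suspicious_requests flags the first and third lines (script and img payloads into the two sinks) and ignores the benign messageString value and the request to another database.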

XSS

Related Identifiers

CVE-2011-1038

Affected Products

IBM Lotus Sametime