PT-2011-3089 · IBM · IBM Lotus Sametime

Published: 2011-10-29 · Updated: 2017-08-17 · CVE-2011-1370

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: IBM Lotus Sametime versions 7.0 through 8.5.2

Description: The default configuration of the Sametime configuration servlet (SCS) in the server does not enable an authentication requirement. This allows remote attackers to read the configuration settings by examining a response message.

Recommendations: For IBM Lotus Sametime versions 7.0 through 8.5.2, enable the authentication requirement for the Sametime configuration servlet (SCS) to prevent unauthorized access to configuration settings.

Related Identifiers: CVE-2011-1370

Affected Products: IBM Lotus Sametime