PT-2014-2726 · Ibm · Ibm Sametime

Published

2014-02-13

Updated

2017-08-29

CVE-2013-3983

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions IBM Sametime versions 8.5.2 through 8.5.2.1 IBM Sametime versions 9.x through 9.0.0.1

Description The issue concerns the Meeting Server in IBM Sametime, where it fails to validate URLs in Cookie headers before using them in redirects. This has an unspecified impact and can be exploited through remote attack vectors.

Recommendations For IBM Sametime versions 8.5.2 through 8.5.2.1, update to a version that includes the fix for this issue. For IBM Sametime versions 9.x through 9.0.0.1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of the Meeting Server feature until a patch is available.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2013-3983

Affected Products

Ibm Sametime

PT-2014-2726 · Ibm · Ibm Sametime

CVE-2013-3983

Weakness Enumeration

Related Identifiers

Affected Products

References · 3