PT-2014-2727 · Ibm · Ibm Sametime

Published

2014-05-26

Updated

2017-08-29

CVE-2013-3984

CVSS v2.0

2.9

Low

Vector

AV:A/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Sametime versions 8.x through 8.5.2.1 IBM Sametime versions 9.x through 9.0.0.1

Description The issue concerns the Meeting Server in IBM Sametime, where it fails to set the secure flag for a cookie during an https session. This makes it easier for remote attackers to capture the cookie by intercepting its transmission within an http session.

Recommendations For IBM Sametime versions 8.x through 8.5.2.1, update to a version that sets the secure flag for the cookie. For IBM Sametime versions 9.x through 9.0.0.1, update to a version that sets the secure flag for the cookie. As a temporary workaround, consider restricting access to the Meeting Server to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2013-3984

Affected Products

Ibm Sametime

PT-2014-2727 · Ibm · Ibm Sametime

CVE-2013-3984

Weakness Enumeration

Related Identifiers

Affected Products

References · 3