PT-2017-7610 · IBM · IBM Sametime Enterprise Meeting Server

Published 2017-08-29 · Updated 2017-09-07 · CVE-2016-0354

CVSS v2.0

6.0 Medium

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

IBM Sametime Enterprise Meeting Server versions 8.5.2 through 9.0

Description

The issue allows an authenticated user to upload a malicious file to a meeting room, which could then be downloaded by other users. This malicious file could be executed with the privileges of the user who downloads it.

Recommendations

For versions 8.5.2 through 9.0, consider restricting file upload capabilities to trusted users or disabling file sharing in meeting rooms until a fix is available.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2016-0354

Affected Products

IBM Sametime Enterprise Meeting Server