PT-2017-8281 · IBM · IBM Sametime Meeting Server
Published: 2017-08-29 · Updated: 2017-09-07 · CVE-2016-2972
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
IBM Sametime Meeting Server versions 8.5.2 through 9.0
Description
The issue allows the credentials of a Sametime Meetings user to be stored in the local cache of their browser, where they could be accessed by a local user.
Recommendations
For versions 8.5.2 through 9.0, consider clearing the browser cache regularly to minimize the risk of credential exposure. As a temporary workaround, restrict access to the browser cache to prevent unauthorized access to stored credentials.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
IBM Sametime Meeting Server