Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2011-1370
Last Modified 27 Mar 2012 12:00:00
Published 29 Oct 2011 06:55:08
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1370

Summary

The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message.

Vulnerable Systems

Application

  • IBM Lotus Sametime 7.0
  • IBM Lotus Sametime 7.5
  • IBM Lotus Sametime 7.5.0.1
  • IBM Lotus Sametime 7.5.1
  • IBM Lotus Sametime 7.5.1.1
  • IBM Lotus Sametime 7.5.1.2
  • IBM Lotus Sametime 8.0
  • IBM Lotus Sametime 8.0.1
  • IBM Lotus Sametime 8.0.2
  • IBM Lotus Sametime 8.5
  • IBM Lotus Sametime 8.5.1
  • IBM Lotus Sametime 8.5.2


References

XF - lotussametime-configserv-info-disclosure(70923)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21569452


Last Updated: 27 May 2016 10:56:18