Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2013-3046
Last Modified 16 Jul 2014 02:51:11
Published 26 May 2014 12:29:15
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector ADJACENT_NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-3046

Summary

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests.

Vulnerable Systems

Application

  • IBM Sametime 8.0.0.0
  • IBM Sametime 8.0.1.0
  • IBM Sametime 8.0.1.1
  • IBM Sametime 8.0.2.0
  • IBM Sametime 8.0.2.1
  • IBM Sametime 8.5.0.0
  • IBM Sametime 8.5.1.0
  • IBM Sametime 8.5.1.1
  • IBM Sametime 8.5.2.0
  • IBM Sametime 8.5.2.1
  • IBM Sametime 9.0.0.0
  • IBM Sametime 9.0.0.1

References

XF - sametime-cve20133046-weak-security(84819)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21671201


Last Updated: 27 May 2016 11:05:22