Lucene search

IbmCVE-2013-3046

HistoryMay 26, 2014 - 4:29 a.m.

CVE-2013-3046

2014-05-2604:29:15

CWE-287

ibm

web.nvd.nist.gov

ibm sametime

meeting server

cve-2013-3046

security

hsts

http requests

man-in-the-middle

session hijacking

sensitive information

CVSS2

4.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:P/A:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

47.3%

JSON

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests.

Affected configurations

Nvd

Node

ibmsametimeMatch8.0.0.0

ibmsametimeMatch8.0.1.0

ibmsametimeMatch8.0.1.1

ibmsametimeMatch8.0.2.0

ibmsametimeMatch8.0.2.1

ibmsametimeMatch8.5.0.0

ibmsametimeMatch8.5.1.0

ibmsametimeMatch8.5.1.1

ibmsametimeMatch8.5.2.0

ibmsametimeMatch8.5.2.1

ibmsametimeMatch9.0.0.0

ibmsametimeMatch9.0.0.1

VendorProductVersionCPE
ibmsametime8.0.0.0cpe:2.3:a:ibm:sametime:8.0.0.0:*:*:*:*:*:*:*
ibmsametime8.0.1.0cpe:2.3:a:ibm:sametime:8.0.1.0:*:*:*:*:*:*:*
ibmsametime8.0.1.1cpe:2.3:a:ibm:sametime:8.0.1.1:*:*:*:*:*:*:*
ibmsametime8.0.2.0cpe:2.3:a:ibm:sametime:8.0.2.0:*:*:*:*:*:*:*
ibmsametime8.0.2.1cpe:2.3:a:ibm:sametime:8.0.2.1:*:*:*:*:*:*:*
ibmsametime8.5.0.0cpe:2.3:a:ibm:sametime:8.5.0.0:*:*:*:*:*:*:*
ibmsametime8.5.1.0cpe:2.3:a:ibm:sametime:8.5.1.0:*:*:*:*:*:*:*
ibmsametime8.5.1.1cpe:2.3:a:ibm:sametime:8.5.1.1:*:*:*:*:*:*:*
ibmsametime8.5.2.0cpe:2.3:a:ibm:sametime:8.5.2.0:*:*:*:*:*:*:*
ibmsametime8.5.2.1cpe:2.3:a:ibm:sametime:8.5.2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	sametime	8.0.0.0	cpe:2.3:a:ibm:sametime:8.0.0.0:::::::*
ibm	sametime	8.0.1.0	cpe:2.3:a:ibm:sametime:8.0.1.0:::::::*
ibm	sametime	8.0.1.1	cpe:2.3:a:ibm:sametime:8.0.1.1:::::::*
ibm	sametime	8.0.2.0	cpe:2.3:a:ibm:sametime:8.0.2.0:::::::*
ibm	sametime	8.0.2.1	cpe:2.3:a:ibm:sametime:8.0.2.1:::::::*
ibm	sametime	8.5.0.0	cpe:2.3:a:ibm:sametime:8.5.0.0:::::::*
ibm	sametime	8.5.1.0	cpe:2.3:a:ibm:sametime:8.5.1.0:::::::*
ibm	sametime	8.5.1.1	cpe:2.3:a:ibm:sametime:8.5.1.1:::::::*
ibm	sametime	8.5.2.0	cpe:2.3:a:ibm:sametime:8.5.2.0:::::::*
ibm	sametime	8.5.2.1	cpe:2.3:a:ibm:sametime:8.5.2.1:::::::*

Rows per page:

1-10 of 121

References

www-01.ibm.com/support/docview.wss?uid=swg21671201

exchange.xforce.ibmcloud.com/vulnerabilities/84819

CVSS2

4.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:P/A:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

47.3%

JSON

Related for CVE-2013-3046