Lucene search

IbmCVE-2013-3984

HistoryMay 26, 2014 - 4:29 a.m.

CVE-2013-3984

2014-05-2604:29:16

CWE-200

ibm

web.nvd.nist.gov

ibm

sametime

meeting server

https

security vulnerability

cve-2013-3984

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

57.3%

JSON

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Affected configurations

Nvd

Node

ibmsametimeMatch8.0.0.0

ibmsametimeMatch8.0.1.0

ibmsametimeMatch8.0.1.1

ibmsametimeMatch8.0.2.0

ibmsametimeMatch8.0.2.1

ibmsametimeMatch8.5.0.0

ibmsametimeMatch8.5.1.0

ibmsametimeMatch8.5.1.1

ibmsametimeMatch8.5.2.0

ibmsametimeMatch8.5.2.1

ibmsametimeMatch9.0.0.0

VendorProductVersionCPE
ibmsametime8.0.0.0cpe:2.3:a:ibm:sametime:8.0.0.0:*:*:*:*:*:*:*
ibmsametime8.0.1.0cpe:2.3:a:ibm:sametime:8.0.1.0:*:*:*:*:*:*:*
ibmsametime8.0.1.1cpe:2.3:a:ibm:sametime:8.0.1.1:*:*:*:*:*:*:*
ibmsametime8.0.2.0cpe:2.3:a:ibm:sametime:8.0.2.0:*:*:*:*:*:*:*
ibmsametime8.0.2.1cpe:2.3:a:ibm:sametime:8.0.2.1:*:*:*:*:*:*:*
ibmsametime8.5.0.0cpe:2.3:a:ibm:sametime:8.5.0.0:*:*:*:*:*:*:*
ibmsametime8.5.1.0cpe:2.3:a:ibm:sametime:8.5.1.0:*:*:*:*:*:*:*
ibmsametime8.5.1.1cpe:2.3:a:ibm:sametime:8.5.1.1:*:*:*:*:*:*:*
ibmsametime8.5.2.0cpe:2.3:a:ibm:sametime:8.5.2.0:*:*:*:*:*:*:*
ibmsametime8.5.2.1cpe:2.3:a:ibm:sametime:8.5.2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	sametime	8.0.0.0	cpe:2.3:a:ibm:sametime:8.0.0.0:::::::*
ibm	sametime	8.0.1.0	cpe:2.3:a:ibm:sametime:8.0.1.0:::::::*
ibm	sametime	8.0.1.1	cpe:2.3:a:ibm:sametime:8.0.1.1:::::::*
ibm	sametime	8.0.2.0	cpe:2.3:a:ibm:sametime:8.0.2.0:::::::*
ibm	sametime	8.0.2.1	cpe:2.3:a:ibm:sametime:8.0.2.1:::::::*
ibm	sametime	8.5.0.0	cpe:2.3:a:ibm:sametime:8.5.0.0:::::::*
ibm	sametime	8.5.1.0	cpe:2.3:a:ibm:sametime:8.5.1.0:::::::*
ibm	sametime	8.5.1.1	cpe:2.3:a:ibm:sametime:8.5.1.1:::::::*
ibm	sametime	8.5.2.0	cpe:2.3:a:ibm:sametime:8.5.2.0:::::::*
ibm	sametime	8.5.2.1	cpe:2.3:a:ibm:sametime:8.5.2.1:::::::*

Rows per page:

1-10 of 111

References

www-01.ibm.com/support/docview.wss?uid=swg21671201

exchange.xforce.ibmcloud.com/vulnerabilities/84967

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

57.3%

JSON

Related for CVE-2013-3984