CVE Vulnerabilities

CVE-2011-1370

Published: Oct 29, 2011 | Modified: Aug 17, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message.

Affected Software

Name Vendor Start Version End Version
Lotus_sametime Ibm 8.0.1 8.0.1
Lotus_sametime Ibm 8.5 8.5
Lotus_sametime Ibm 8.0 8.0
Lotus_sametime Ibm 8.0.2 8.0.2
Lotus_sametime Ibm 7.5.1 7.5.1
Lotus_sametime Ibm 7.5.0.1 7.5.0.1
Lotus_sametime Ibm 7.5.1.1 7.5.1.1
Lotus_sametime Ibm 8.5.2 8.5.2
Lotus_sametime Ibm 7.5.1.2 7.5.1.2
Lotus_sametime Ibm 7.0 7.0
Lotus_sametime Ibm 8.5.1 8.5.1
Lotus_sametime Ibm 7.5 7.5

References