CVE Vulnerabilities

CVE-2013-3985

Published: Nov 09, 2013 | Modified: Apr 11, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.9 LOW
AV:A/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote attackers to read session variables by leveraging a weak setting of the Domain variable.

Affected Software

Name Vendor Start Version End Version
Lotus_sametime Ibm 8.5.2 (including) 8.5.2 (including)
Lotus_sametime Ibm 8.5.2.1 (including) 8.5.2.1 (including)

References