CVE-2008-2499

{"id": "CVE-2008-2499", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-05-29T16:32:00.000", "references": [{"url": "http://secunia.com/advisories/30309", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21303920", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/29328", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1020093", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1595/references", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-028/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42575", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30309", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21303920", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/29328", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1020093", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/1595/references", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-028/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42575", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the Community Services Multiplexer (aka MUX or StMux.exe) in IBM Lotus Sametime 7.5.1 CF1 and earlier, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code via a crafted URL."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en el Community Services Multiplexer (tambi\u00e9n conocido como MUX o StMux.exe) de IBM Lotus Sametime 7.5.1 CF1 y anteriores, y 8.x anterior a 8.0.1, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una URL manipulada."}], "lastModified": "2024-11-21T00:47:00.650", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:lotus_sametime:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D250D7E-88E7-46B7-8C63-C067D9889A76", "versionEndIncluding": "7.5"}, {"criteria": "cpe:2.3:a:ibm:lotus_sametime:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A811D9B9-99EF-4324-87ED-F13A311EAB67", "versionEndExcluding": "8.0.1", "versionStartIncluding": "8.0"}, {"criteria": "cpe:2.3:a:ibm:lotus_sametime:7.5.1:cf1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8A12AF0-F301-4661-AD90-21077BF203B9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}