CVE-2013-3044

The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of chat messages, or compose anonymous chat messages, by leveraging meeting-attendance privileges.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21654355	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/84815
http://www-01.ibm.com/support/docview.wss?uid=swg21654355	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/84815

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:lotus_sametime:8.5.2:::::::*
	cpe:2.3:a:ibm:lotus_sametime:8.5.2.1:::::::*

History

21 Nov 2024, 01:52

Type	Values Removed	Values Added
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg21654355 - Vendor Advisory~~	() http://www-01.ibm.com/support/docview.wss?uid=swg21654355 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/84815 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/84815 -

Information

Published : 2013-11-09 01:55

Updated : 2024-11-21 01:52

NVD link : CVE-2013-3044

Mitre link : CVE-2013-3044

CVE.ORG link : CVE-2013-3044

JSON object : View

Products Affected

ibm

lotus_sametime

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2013-3044", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-11-09T01:55:04.423", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21654355", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84815", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21654355", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84815", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of chat messages, or compose anonymous chat messages, by leveraging meeting-attendance privileges."}, {"lang": "es", "value": "Vulnerabilidad en Enterprise Meeting Server de IBM Lotus Sametime 8.5.2 y 8.5.2.1 permite a usuarios remotos autenticados falsificar el origen de los mensajes de chat, o componer mensajes de chat an\u00f3nimos, mediante el aprovechamiento de privilegios meeting-attendance."}], "lastModified": "2024-11-21T01:52:53.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:lotus_sametime:8.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15F87653-1AF5-4F84-9132-0B51AE6058EB"}, {"criteria": "cpe:2.3:a:ibm:lotus_sametime:8.5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EDFDA5F-7C63-472B-8246-EA1EFC2590E7"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}