ID CVE-2013-3975
Summary Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search.
References
Vulnerable Configurations
  • IBM Sametime 9.0.0.1
    cpe:2.3:a:ibm:sametime:9.0.0.1
  • IBM Sametime 9.0.0.0
    cpe:2.3:a:ibm:sametime:9.0.0.0
  • IBM Sametime 8.5.2.1
    cpe:2.3:a:ibm:sametime:8.5.2.1
  • IBM Sametime 8.5.1.1
    cpe:2.3:a:ibm:sametime:8.5.1.1
  • IBM Sametime 8.5.2.0
    cpe:2.3:a:ibm:sametime:8.5.2.0
  • IBM Sametime 8.5.1.0
    cpe:2.3:a:ibm:sametime:8.5.1.0
  • IBM Sametime 8.5.0.0
    cpe:2.3:a:ibm:sametime:8.5.0.0
  • IBM Sametime 8.0.2.1
    cpe:2.3:a:ibm:sametime:8.0.2.1
  • IBM Sametime 8.0.2.0
    cpe:2.3:a:ibm:sametime:8.0.2.0
  • IBM Sametime 8.0.1.1
    cpe:2.3:a:ibm:sametime:8.0.1.1
  • IBM Sametime 8.0.1.0
    cpe:2.3:a:ibm:sametime:8.0.1.0
  • IBM Sametime 8.0.0.0
    cpe:2.3:a:ibm:sametime:8.0.0.0
CVSS
Base: 5.0 (as of 27-05-2014 - 09:04)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
metasploit via4
description This module extracts usernames using the IBM Lotus Notes Sametime web interface using either a dictionary attack (which is preferred), or a bruteforce attack trying all usernames of MAXDEPTH length or less.
id MSF:AUXILIARY/GATHER/IBM_SAMETIME_ENUMERATE_USERS
last seen 2019-03-27
modified 2017-07-24
published 2013-12-26
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/ibm_sametime_enumerate_users.rb
title IBM Lotus Notes Sametime User Enumeration
refmap via4
confirm http://www-01.ibm.com/support/docview.wss?uid=swg21671201
xf sametime-cve20133975-info-disc(84855)
Last major update 16-07-2014 - 14:49
Published 26-05-2014 - 00:29
Last modified 28-08-2017 - 21:33
Back to Top