fkie_nvd - fkie_cve-2011-1370

fkie_cve-2011-1370

Vulnerability from fkie_nvd

Published

2011-10-29 10:55

Modified

2025-04-11 00:51

Severity ?

Summary

The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message.

References

▼	URL	Tags
	cve@mitre.org	http://www-01.ibm.com/support/docview.wss?uid=swg21569452
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/70923
	af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21569452
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/70923

Impacted products

Vendor	Product	Version
ibm	lotus_sametime	7.0
ibm	lotus_sametime	7.5
ibm	lotus_sametime	7.5.0.1
ibm	lotus_sametime	7.5.1
ibm	lotus_sametime	7.5.1.1
ibm	lotus_sametime	7.5.1.2
ibm	lotus_sametime	8.0
ibm	lotus_sametime	8.0.1
ibm	lotus_sametime	8.0.2
ibm	lotus_sametime	8.5
ibm	lotus_sametime	8.5.1
ibm	lotus_sametime	8.5.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:lotus_sametime:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D39A4223-0F4B-4E29-A661-F8E4B1AC9785",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_sametime:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5FF0F3-D0E6-4933-8826-50C5584D0615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_sametime:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37FA50A4-0623-460F-A461-98BE75B1ABA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_sametime:7.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C2F7120-CD96-4817-97C3-470FC21B75B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_sametime:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4F2D5C-9480-4341-A2B6-7B28DB00EACD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_sametime:7.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1944959C-CB01-4007-BCB0-A76AC4AA7E0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_sametime:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6200D391-5317-4CF5-828F-5FB68C3B45E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_sametime:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "71EB8C02-5EA3-4E16-8834-064AE4208BAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_sametime:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "802AC4A0-7A7A-44B4-8422-A3015D750493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_sametime:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "248C93BA-B1CA-41BF-AF1C-14D0E94CC0D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_sametime:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8112891-92F2-4EB9-9BBF-6FAB0C415368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_sametime:8.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F87653-1AF5-4F84-9132-0B51AE6058EB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message."
    },
    {
      "lang": "es",
      "value": "La configuraci\u00f3n por defecto del servlet de configuraci\u00f3n de Sametime (SCS) del servidor de IBM Lotus Sametime 7.0 hasta la versi\u00f3n 8.5.2 no habilita el requisito de autenticaci\u00f3n, lo que permite a atacantes remotos leer las opciones de configuraci\u00f3n examinando un mensaje de respuesta."
    }
  ],
  "id": "CVE-2011-1370",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-10-29T10:55:08.273",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21569452"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70923"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21569452"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70923"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2011-1370 (GCVE-0-2011-1370)

Vulnerability from cvelistv5

Published

2011-10-29 10:00

Modified

2024-08-06 22:21