fkie_nvd - fkie_cve-2013-3975

fkie_cve-2013-3975

Vulnerability from fkie_nvd

Published

2014-05-26 04:29

Modified

2025-04-12 10:46

Severity ?

Summary

Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21671201	Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/84855
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21671201	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/84855

Impacted products

Vendor	Product	Version
ibm	sametime	8.0.0.0
ibm	sametime	8.0.1.0
ibm	sametime	8.0.1.1
ibm	sametime	8.0.2.0
ibm	sametime	8.0.2.1
ibm	sametime	8.5.0.0
ibm	sametime	8.5.1.0
ibm	sametime	8.5.1.1
ibm	sametime	8.5.2.0
ibm	sametime	8.5.2.1
ibm	sametime	9.0.0.0
ibm	sametime	9.0.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE27A8A-3655-41E5-9FAD-A9172300812E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "836C482E-EEA8-4BAD-93CF-558BF94E7484",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47702E19-5102-4982-A51D-D9890BFE2718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08A1498-47E4-42A1-9563-F92485E70683",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0599D508-931E-4D97-BCC5-73F9631013CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ACDB888-CB6C-41DD-B57E-65237A5A8EF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3123052-F774-4929-932E-D6262581F3C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED661C82-9230-4501-BD87-26E68FD264C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D106630-D04F-406F-A3BD-029777B8E8F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A84C4658-AEE7-4C63-A188-795B8FEB3A47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "624F11B5-9305-49E9-A7F1-45845234BFD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E5B5DF0-0678-4E47-AC68-E24B5A93597D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 permite a atacantes remotos descubrir nombres, nombres completos y direcciones de e-mail de usuarios a trav\u00e9s de una b\u00fasqueda."
    }
  ],
  "id": "CVE-2013-3975",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-26T04:29:15.740",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671201"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84855"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84855"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-3975 (GCVE-0-2013-3975)

Vulnerability from cvelistv5

Published

2014-05-26 01:00

Modified

2024-08-06 16:30