fkie_nvd - fkie_cve-2013-3977

fkie_cve-2013-3977

Vulnerability from fkie_nvd

Published

2014-05-26 04:29

Modified

2025-04-12 10:46

Severity ?

Summary

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21671201	Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/84901
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21671201	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/84901

Impacted products

Vendor	Product	Version
ibm	sametime	8.0.0.0
ibm	sametime	8.0.1.0
ibm	sametime	8.0.1.1
ibm	sametime	8.0.2.0
ibm	sametime	8.0.2.1
ibm	sametime	8.5.0.0
ibm	sametime	8.5.1.0
ibm	sametime	8.5.1.1
ibm	sametime	8.5.2.0
ibm	sametime	8.5.2.1
ibm	sametime	9.0.0.0
ibm	sametime	9.0.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE27A8A-3655-41E5-9FAD-A9172300812E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "836C482E-EEA8-4BAD-93CF-558BF94E7484",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47702E19-5102-4982-A51D-D9890BFE2718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08A1498-47E4-42A1-9563-F92485E70683",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0599D508-931E-4D97-BCC5-73F9631013CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ACDB888-CB6C-41DD-B57E-65237A5A8EF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3123052-F774-4929-932E-D6262581F3C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED661C82-9230-4501-BD87-26E68FD264C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D106630-D04F-406F-A3BD-029777B8E8F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A84C4658-AEE7-4C63-A188-795B8FEB3A47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "624F11B5-9305-49E9-A7F1-45845234BFD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E5B5DF0-0678-4E47-AC68-E24B5A93597D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names."
    },
    {
      "lang": "es",
      "value": "Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 permite a atacantes remotos determinar qu\u00e9 aulas de reuniones pertenecen a un usuario mediante el aprovechamiento de conocimiento de nombres de usuarios v\u00e1lidos."
    }
  ],
  "id": "CVE-2013-3977",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-26T04:29:15.817",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671201"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84901"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-3977 (GCVE-0-2013-3977)

Vulnerability from cvelistv5

Published

2014-05-26 01:00

Modified

2024-08-06 16:30