fkie_nvd - fkie_cve-2013-3981

fkie_cve-2013-3981

Vulnerability from fkie_nvd

Published

2014-05-26 04:29

Modified

2025-04-12 10:46

Severity ?

Summary

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21671201	Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/84907
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21671201	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/84907

Impacted products

Vendor	Product	Version
ibm	sametime	8.0.0.0
ibm	sametime	8.0.1.0
ibm	sametime	8.0.1.1
ibm	sametime	8.0.2.0
ibm	sametime	8.0.2.1
ibm	sametime	8.5.0.0
ibm	sametime	8.5.1.0
ibm	sametime	8.5.1.1
ibm	sametime	8.5.2.0
ibm	sametime	8.5.2.1
ibm	sametime	9.0.0.0
ibm	sametime	9.0.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE27A8A-3655-41E5-9FAD-A9172300812E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "836C482E-EEA8-4BAD-93CF-558BF94E7484",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47702E19-5102-4982-A51D-D9890BFE2718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08A1498-47E4-42A1-9563-F92485E70683",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0599D508-931E-4D97-BCC5-73F9631013CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ACDB888-CB6C-41DD-B57E-65237A5A8EF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3123052-F774-4929-932E-D6262581F3C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED661C82-9230-4501-BD87-26E68FD264C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D106630-D04F-406F-A3BD-029777B8E8F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A84C4658-AEE7-4C63-A188-795B8FEB3A47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "624F11B5-9305-49E9-A7F1-45845234BFD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sametime:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E5B5DF0-0678-4E47-AC68-E24B5A93597D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 permite a atacantes remotos descargar fotograf\u00edas avatar de usuarios arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2013-3981",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-26T04:29:15.943",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671201"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84907"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84907"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-3981 (GCVE-0-2013-3981)

Vulnerability from cvelistv5

Published

2014-05-26 01:00