Vulnerabilities > CVE-2011-1370 - Configuration vulnerability in IBM Lotus Sametime
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 12 |
Common Weakness Enumeration (CWE)
Seebug
| bulletinFamily | exploit |
| description | Bugtraq ID: 50410 CVE ID:CVE-2011-1370 IBM Lotus Sametime Server是一款实时协作和网络会议解决方案。 IBM Lotus Sametime配置servlet没有对请求进行正确验证,远程攻击者可利用漏洞获得对某些配置数据的读访问,导致敏感信息泄露。 IBM Lotus Sametime 8.5.1 IBM Lotus Sametime 8.0.2 IBM Lotus Sametime 8.0.1 IBM Lotus Sametime 7.5.1 FP 1 IBM Lotus Sametime 7.5.1 IBM Lotus Sametime 8.5 IBM Lotus Sametime 8.0 IBM Lotus Sametime 7.5 IBM Lotus Sametime 7.0 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息: http://www.ibm.com/support/docview.wss?uid=swg21569452 |
| id | SSV:23159 |
| last seen | 2017-11-19 |
| modified | 2011-11-01 |
| published | 2011-11-01 |
| reporter | Root |
| title | IBM Lotus Sametime配置Servlet验证安全绕过漏洞 |