Vulnerabilities > CVE-2011-1370 - Configuration vulnerability in IBM Lotus Sametime

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
ibm
CWE-16

Summary

The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message.

Common Weakness Enumeration (CWE)

Seebug

bulletinFamilyexploit
descriptionBugtraq ID: 50410 CVE ID:CVE-2011-1370 IBM Lotus Sametime Server是一款实时协作和网络会议解决方案。 IBM Lotus Sametime配置servlet没有对请求进行正确验证,远程攻击者可利用漏洞获得对某些配置数据的读访问,导致敏感信息泄露。 IBM Lotus Sametime 8.5.1 IBM Lotus Sametime 8.0.2 IBM Lotus Sametime 8.0.1 IBM Lotus Sametime 7.5.1 FP 1 IBM Lotus Sametime 7.5.1 IBM Lotus Sametime 8.5 IBM Lotus Sametime 8.0 IBM Lotus Sametime 7.5 IBM Lotus Sametime 7.0 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息: http://www.ibm.com/support/docview.wss?uid=swg21569452
idSSV:23159
last seen2017-11-19
modified2011-11-01
published2011-11-01
reporterRoot
titleIBM Lotus Sametime配置Servlet验证安全绕过漏洞