Vulnerabilities > CVE-2013-0553 - Command Execution vulnerability in IBM Sametime Clients

CVSS 3.5 - LOW

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

ibm

NVD

Published: 2013-04-28

Updated: 2017-08-29

Summary

The client implementation in IBM Sametime 8.5.1 through 8.5.2.1, as used in Sametime Connect client, Sametime Advanced Connect client, Sametime Advanced Web client, and other products, allows remote authenticated users to send commands to individual chat users, or to all participants in a chat room, via a crafted Sametime Instant Message (IM).

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Lotus Sametime 8.5.1 IBM Lotus Sametime 8.5.1.1 IBM Sametime 8.5.2.0 IBM Sametime 8.5.2.1	4

References

http://www-01.ibm.com/support/docview.wss?uid=swg21633618
https://exchange.xforce.ibmcloud.com/vulnerabilities/82915