Vulnerabilities > CVE-2013-3975 - Information Disclosure vulnerability in IBM Sametime Meeting Server

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ibm

metasploit

NVD

Published: 2014-05-26

Updated: 2017-08-29

Summary

Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Sametime 8.0.0.0 IBM Sametime 8.0.1.0 IBM Sametime 8.0.1.1 IBM Sametime 8.0.2.0 IBM Sametime 8.0.2.1 IBM Sametime 8.5.0.0 IBM Sametime 8.5.1.0 IBM Sametime 8.5.1.1 IBM Sametime 8.5.2.0 IBM Sametime 8.5.2.1 IBM Sametime 9.0.0.0 IBM Sametime 9.0.0.1	12

Metasploit

description	This module extracts usernames using the IBM Lotus Notes Sametime web interface using either a dictionary attack (which is preferred), or a bruteforce attack trying all usernames of MAXDEPTH length or less.
id	MSF:AUXILIARY/GATHER/IBM_SAMETIME_ENUMERATE_USERS
last seen	2020-06-08
modified	2017-07-24
published	2013-12-26
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3975 http://www-01.ibm.com/support/docview.wss?uid=swg21671201
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/gather/ibm_sametime_enumerate_users.rb
title	IBM Lotus Notes Sametime User Enumeration

Summary

Vulnerable Configurations

Metasploit

References