Vulnerabilities > CVE-2016-2972 - Credentials Management vulnerability in IBM Sametime

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

ibm

CWE-255

NVD

Published: 2017-08-29

Updated: 2017-09-07

Summary

IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. IBM X-Force ID: 113855.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Sametime 9.0.0.0 IBM Sametime 8.5.2.1 IBM Sametime 9.0.0.1 IBM Sametime 8.5.2.0 IBM Sametime 9.0.1	5

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/113855
http://www.ibm.com/support/docview.wss?uid=swg22006439
http://www.securitytracker.com/id/1039231
http://www.securityfocus.com/bid/100599