Lucene search

[email protected]NVD:CVE-2011-1370

HistoryOct 29, 2011 - 10:55 a.m.

CVE-2011-1370

2011-10-2910:55:08

CWE-16

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.003

Percentile

68.5%

JSON

The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message.

Affected configurations

Nvd

Node

ibmlotus_sametimeMatch7.0

ibmlotus_sametimeMatch7.5

ibmlotus_sametimeMatch7.5.0.1

ibmlotus_sametimeMatch7.5.1

ibmlotus_sametimeMatch7.5.1.1

ibmlotus_sametimeMatch7.5.1.2

ibmlotus_sametimeMatch8.0

ibmlotus_sametimeMatch8.0.1

ibmlotus_sametimeMatch8.0.2

ibmlotus_sametimeMatch8.5

ibmlotus_sametimeMatch8.5.1

ibmlotus_sametimeMatch8.5.2

VendorProductVersionCPE
ibmlotus_sametime7.0cpe:2.3:a:ibm:lotus_sametime:7.0:*:*:*:*:*:*:*
ibmlotus_sametime7.5cpe:2.3:a:ibm:lotus_sametime:7.5:*:*:*:*:*:*:*
ibmlotus_sametime7.5.0.1cpe:2.3:a:ibm:lotus_sametime:7.5.0.1:*:*:*:*:*:*:*
ibmlotus_sametime7.5.1cpe:2.3:a:ibm:lotus_sametime:7.5.1:*:*:*:*:*:*:*
ibmlotus_sametime7.5.1.1cpe:2.3:a:ibm:lotus_sametime:7.5.1.1:*:*:*:*:*:*:*
ibmlotus_sametime7.5.1.2cpe:2.3:a:ibm:lotus_sametime:7.5.1.2:*:*:*:*:*:*:*
ibmlotus_sametime8.0cpe:2.3:a:ibm:lotus_sametime:8.0:*:*:*:*:*:*:*
ibmlotus_sametime8.0.1cpe:2.3:a:ibm:lotus_sametime:8.0.1:*:*:*:*:*:*:*
ibmlotus_sametime8.0.2cpe:2.3:a:ibm:lotus_sametime:8.0.2:*:*:*:*:*:*:*
ibmlotus_sametime8.5cpe:2.3:a:ibm:lotus_sametime:8.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	lotus_sametime	7.0	cpe:2.3:a:ibm:lotus_sametime:7.0:::::::*
ibm	lotus_sametime	7.5	cpe:2.3:a:ibm:lotus_sametime:7.5:::::::*
ibm	lotus_sametime	7.5.0.1	cpe:2.3:a:ibm:lotus_sametime:7.5.0.1:::::::*
ibm	lotus_sametime	7.5.1	cpe:2.3:a:ibm:lotus_sametime:7.5.1:::::::*
ibm	lotus_sametime	7.5.1.1	cpe:2.3:a:ibm:lotus_sametime:7.5.1.1:::::::*
ibm	lotus_sametime	7.5.1.2	cpe:2.3:a:ibm:lotus_sametime:7.5.1.2:::::::*
ibm	lotus_sametime	8.0	cpe:2.3:a:ibm:lotus_sametime:8.0:::::::*
ibm	lotus_sametime	8.0.1	cpe:2.3:a:ibm:lotus_sametime:8.0.1:::::::*
ibm	lotus_sametime	8.0.2	cpe:2.3:a:ibm:lotus_sametime:8.0.2:::::::*
ibm	lotus_sametime	8.5	cpe:2.3:a:ibm:lotus_sametime:8.5:::::::*

Rows per page:

1-10 of 121

References

www-01.ibm.com/support/docview.wss?uid=swg21569452

exchange.xforce.ibmcloud.com/vulnerabilities/70923

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.003

Percentile

68.5%

JSON

Related for NVD:CVE-2011-1370

cve1 cvelist1 prion1 seebug1