CVSS2

Metric | Value |
---|---|
Attack Vector | ADJACENT_NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:A/AC:M/Au:N/C:P/I:N/A:N |

AI Score confidence: Low

EPSS percentile: 57.3%

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | sametime | 8.0.0.0 | cpe:2.3:a:ibm:sametime:8.0.0.0:*:*:*:*:*:*:* |
ibm | sametime | 8.0.1.0 | cpe:2.3:a:ibm:sametime:8.0.1.0:*:*:*:*:*:*:* |
ibm | sametime | 8.0.1.1 | cpe:2.3:a:ibm:sametime:8.0.1.1:*:*:*:*:*:*:* |
ibm | sametime | 8.0.2.0 | cpe:2.3:a:ibm:sametime:8.0.2.0:*:*:*:*:*:*:* |
ibm | sametime | 8.0.2.1 | cpe:2.3:a:ibm:sametime:8.0.2.1:*:*:*:*:*:*:* |
ibm | sametime | 8.5.0.0 | cpe:2.3:a:ibm:sametime:8.5.0.0:*:*:*:*:*:*:* |
ibm | sametime | 8.5.1.0 | cpe:2.3:a:ibm:sametime:8.5.1.0:*:*:*:*:*:*:* |
ibm | sametime | 8.5.1.1 | cpe:2.3:a:ibm:sametime:8.5.1.1:*:*:*:*:*:*:* |
ibm | sametime | 8.5.2.0 | cpe:2.3:a:ibm:sametime:8.5.2.0:*:*:*:*:*:*:* |
ibm | sametime | 8.5.2.1 | cpe:2.3:a:ibm:sametime:8.5.2.1:*:*:*:*:*:*:* |