Vulnerability Name: CVE-2011-1370 (CCN-70923)
Assigned: 2011-10-27
Published: 2011-10-27
Updated: 2017-08-17
Summary: The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message.
CVSS v3 Severity:
  - 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity:
  - 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
  - 4.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:TF/RC:C)
  - 4.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:TF/RC:C)
Vulnerability Type: CWE-16
Vulnerability Consequences: Obtain Information
References:
  - Source: MITRE Type: CNA
    CVE-2011-1370
  - Source: CCN Type: SA46647
    IBM Lotus Sametime Configuration Servlet Authentication Security Issue
  - Source: CCN Type: IBM Security Bulletin 1569452
    Potential Security Exposure in IBM Lotus Sametime Configuration Servlet (CVE-2011-1370)
  - Source: CONFIRM Type: UNKNOWN
    http://www-01.ibm.com/support/docview.wss?uid=swg21569452
  - Source: CCN Type: OSVDB ID: 76621
    IBM Lotus Sametime Configuration Servlet Authentication Weakness Remote Configuration Data Disclosure
  - Source: CCN Type: BID-50410
    IBM Lotus Sametime Configuration Servlet Authentication Security Bypass Vulnerability
  - Source: XF Type: UNKNOWN
    lotussametime-configserv-info-disclosure(70923)
Vulnerable Configuration:
  Configuration 1:
  Configuration CCN 1:
  Denotes that component is vulnerable