Описание
The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:lotus_sametime:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_sametime:7.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_sametime:7.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_sametime:7.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_sametime:7.5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_sametime:7.5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_sametime:8.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_sametime:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_sametime:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_sametime:8.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_sametime:8.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_sametime:8.5.2:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.00254
Низкий
5 Medium
CVSS2
Дефекты
CWE-16
Связанные уязвимости
github
больше 3 лет назад
The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message.
EPSS
Процентиль: 48%
0.00254
Низкий
5 Medium
CVSS2
Дефекты
CWE-16