Описание
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:sametime:8.5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sametime:8.5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sametime:9.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sametime:9.0.0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 57%
0.0035
Низкий
7.5 High
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
больше 3 лет назад
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors.
EPSS
Процентиль: 57%
0.0035
Низкий
7.5 High
CVSS2
Дефекты
CWE-20