CVE-2013-3984

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:sametime:8.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sametime:8.0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sametime:8.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sametime:8.0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sametime:8.0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sametime:8.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sametime:8.5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sametime:8.5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sametime:8.5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sametime:8.5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sametime:9.0.0.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-05-26 04:29

Updated : 2024-02-04 18:35


NVD link : CVE-2013-3984

Mitre link : CVE-2013-3984

CVE.ORG link : CVE-2013-3984


JSON object : View

Products Affected

ibm

  • sametime
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor