CVE-2011-1370

The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message.

Published: Oct 29, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-1370
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-16

OWASP TOP 10:

A6 - Security Misconfiguration

Affected Software
References

Software	From	Fixed in
ibm / lotus_sametime	8.0.1	8.0.1.x
ibm / lotus_sametime	8.5	8.5.x
ibm / lotus_sametime	8.0	8.0.x
ibm / lotus_sametime	8.0.2	8.0.2.x
ibm / lotus_sametime	7.5.1	7.5.1.x
ibm / lotus_sametime	7.5.0.1	7.5.0.1.x
ibm / lotus_sametime	7.5.1.1	7.5.1.1.x
ibm / lotus_sametime	8.5.2	8.5.2.x
ibm / lotus_sametime	7.5.1.2	7.5.1.2.x
ibm / lotus_sametime	7.0	7.0.x
ibm / lotus_sametime	8.5.1	8.5.1.x
ibm / lotus_sametime	7.5	7.5.x

http://www-01.ibm.com/support/docview.wss?uid=swg21569452
https://exchange.xforce.ibmcloud.com/vulnerabilities/70923

Vulnerability Database

289,697

CVE-2011-1370