CVE-2014-0906 - OpenCVE

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a (1) expired or (2) invalidated cookie.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Sametime

Configuration 1 [-]

OR	cpe:2.3:a:ibm:sametime:8.0.0.0:::::::*
	cpe:2.3:a:ibm:sametime:8.0.1.0:::::::*
	cpe:2.3:a:ibm:sametime:8.0.1.1:::::::*
	cpe:2.3:a:ibm:sametime:8.0.2.0:::::::*
	cpe:2.3:a:ibm:sametime:8.0.2.1:::::::*
	cpe:2.3:a:ibm:sametime:8.5.0.0:::::::*
	cpe:2.3:a:ibm:sametime:8.5.1.0:::::::*
	cpe:2.3:a:ibm:sametime:8.5.1.1:::::::*
	cpe:2.3:a:ibm:sametime:8.5.2.0:::::::*
	cpe:2.3:a:ibm:sametime:8.5.2.1:::::::*
	cpe:2.3:a:ibm:sametime:9.0.0.0:::::::*

No data.

References

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg21671201
https://exchange.xforce.ibmcloud.com/vulnerabilities/91854

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2014-05-26T01:00:00

Updated: 2024-08-06T09:27:20.088Z

Reserved: 2014-01-06T00:00:00

Link: CVE-2014-0906

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-05-26T04:29:16.147

Modified: 2017-08-29T01:34:19.967

Link: CVE-2014-0906

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sametime:8.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4CE27A8A-3655-41E5-9FAD-A9172300812E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sametime:8.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "836C482E-EEA8-4BAD-93CF-558BF94E7484", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sametime:8.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "47702E19-5102-4982-A51D-D9890BFE2718", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sametime:8.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B08A1498-47E4-42A1-9563-F92485E70683", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sametime:8.0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0599D508-931E-4D97-BCC5-73F9631013CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sametime:8.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "5ACDB888-CB6C-41DD-B57E-65237A5A8EF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sametime:8.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C3123052-F774-4929-932E-D6262581F3C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sametime:8.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "ED661C82-9230-4501-BD87-26E68FD264C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sametime:8.5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D106630-D04F-406F-A3BD-029777B8E8F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sametime:8.5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A84C4658-AEE7-4C63-A188-795B8FEB3A47", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sametime:9.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "624F11B5-9305-49E9-A7F1-45845234BFD6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a (1) expired or (2) invalidated cookie."}, {"lang": "es", "value": "Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 no comprueba si una cookie de sesi\u00f3n es actual, lo que permite a atacantes remotos realizar acciones de b\u00fasqueda de usuario mediante el aprovechamiento de una cookie (1) caducada o (2) invalidada."}], "id": "CVE-2014-0906", "lastModified": "2017-08-29T01:34:19.967", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-26T04:29:16.147", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671201"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91854"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}