CVE-2016-2965 - OpenCVE

IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Sametime

Configuration 1 [-]

OR	cpe:2.3:a:ibm:sametime:8.5.2.0:::::::*
	cpe:2.3:a:ibm:sametime:8.5.2.1:::::::*
	cpe:2.3:a:ibm:sametime:9.0.0.0:::::::*
	cpe:2.3:a:ibm:sametime:9.0.0.1:::::::*
	cpe:2.3:a:ibm:sametime:9.0.1:::::::*

No data.

References

Link	Providers
http://www.ibm.com/support/docview.wss?uid=swg22006439
http://www.securityfocus.com/bid/100599
http://www.securitytracker.com/id/1039231
https://exchange.xforce.ibmcloud.com/vulnerabilities/113846

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2017-08-29T18:00:00Z

Updated: 2024-09-17T00:46:21.638Z

Reserved: 2016-03-09T00:00:00

Link: CVE-2016-2965

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-08-29T18:29:00.437

Modified: 2017-09-07T01:29:02.650

Link: CVE-2016-2965

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Sametime", "vendor": "IBM", "versions": [{"status": "affected", "version": "8.5.2"}, {"status": "affected", "version": "8.5.2.1"}, {"status": "affected", "version": "9.0"}, {"status": "affected", "version": "9.0.0.1"}, {"status": "affected", "version": "9.0.1"}]}], "datePublic": "2017-08-23T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846."}], "problemTypes": [{"descriptions": [{"description": "Gain Access", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-06T09:57:02", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "100599", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100599"}, {"tags": ["x_refsource_MISC"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113846"}, {"name": "1039231", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039231"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006439"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-08-23T00:00:00", "ID": "CVE-2016-2965", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Sametime", "version": {"version_data": [{"version_value": "8.5.2"}, {"version_value": "8.5.2.1"}, {"version_value": "9.0"}, {"version_value": "9.0.0.1"}, {"version_value": "9.0.1"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Access"}]}]}, "references": {"reference_data": [{"name": "100599", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100599"}, {"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113846", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113846"}, {"name": "1039231", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039231"}, {"name": "http://www.ibm.com/support/docview.wss?uid=swg22006439", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22006439"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:40:14.220Z"}, "title": "CVE Program Container", "references": [{"name": "100599", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100599"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113846"}, {"name": "1039231", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039231"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006439"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-2965", "datePublished": "2017-08-29T18:00:00Z", "dateReserved": "2016-03-09T00:00:00", "dateUpdated": "2024-09-17T00:46:21.638Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sametime:8.5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D106630-D04F-406F-A3BD-029777B8E8F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sametime:8.5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A84C4658-AEE7-4C63-A188-795B8FEB3A47", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sametime:9.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "624F11B5-9305-49E9-A7F1-45845234BFD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sametime:9.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E5B5DF0-0678-4E47-AC68-E24B5A93597D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sametime:9.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6F45A7B-1865-400A-A2E0-6E7BE46F6C8C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846."}, {"lang": "es", "value": "IBM Sametime 8.5.2 y 9.0 es vulnerable a ataques de Cross-Site Request Forgery (CSRF) a causa de una validaci\u00f3n incorrecta de entradas proporcionadas por el usuario. Si se persuade a un usuario para que visite un link malicioso, un atacante remoto podr\u00eda forzar al usuario a cerrar su sesi\u00f3n de Sametime. IBM X-Force ID: 113846."}], "id": "CVE-2016-2965", "lastModified": "2017-09-07T01:29:02.650", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-29T18:29:00.437", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006439"}, {"source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/100599"}, {"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039231"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113846"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}