The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 up to and including 8.5.2 does not enable an authentication requirement, which allows remote malicious users to read the configuration settings by examining a response message.
Vulnerable Product |
---|
ibm lotus sametime 7.5.1 |
ibm lotus sametime 8.0.1 |
ibm lotus sametime 7.5.1.2 |
ibm lotus sametime 7.5.0.1 |
ibm lotus sametime 8.0 |
ibm lotus sametime 8.5.1 |
ibm lotus sametime 8.5 |
ibm lotus sametime 8.0.2 |
ibm lotus sametime 7.0 |
ibm lotus sametime 7.5 |
ibm lotus sametime 8.5.2 |
ibm lotus sametime 7.5.1.1 |