The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote malicious users to read session variables by leveraging a weak setting of the Domain variable.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm lotus sametime 8.5.2.1 |
||
ibm lotus sametime 8.5.2 |