Weak Domain Variable Setting in IBM Lotus Sametime 8.5.2 and 8.5.2.1 Allows Session Variable Reading

CVE-2013-3985 · LOW Severity

CVSS v2 vector: AV:A/AC:M/Au:N/C:P/I:N/A:N

The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote attackers to read session variables by leveraging a weak setting of the Domain variable.
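How a broad cookie Domain attribute widens the set of hosts that receive a session cookie, shown as an added example (not IBM's code and not part of the advisory). It applies RFC 6265 domain matching to constructed `Set-Cookie` headers; the host names, cookie names and values are invented for illustration and say nothing about the cookies Sametime actually sets.

```python
# Added example: which hosts receive a cookie, per RFC 6265 domain matching.
# Hosts, cookie names and values below are constructed for illustration.
# Path, Secure and public-suffix checks are out of scope here.

def domain_match(host, domain):
    """RFC 6265 section 5.1.3 (host names only, not IP addresses)."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)

def cookie_scope(origin_host, set_cookie):
    """Return (name, scope, host_only) as a browser would store the cookie."""
    first, *rest = [p.strip() for p in set_cookie.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    domain = attrs.get("domain", "").lstrip(".").lower()
    if not domain:
        return name, origin_host.lower(), True      # host-only cookie
    if not domain_match(origin_host, domain):
        return name, None, False                    # rejected by the browser
    return name, domain, False

def receives(request_host, scope, host_only):
    """True if a request to request_host would carry the stored cookie."""
    if scope is None:
        return False
    if host_only:
        return request_host.lower() == scope
    return domain_match(request_host, scope)

def audit(origin_host, set_cookie_headers, known_hosts):
    """Map cookie name -> other hosts that would also be sent that cookie."""
    findings = {}
    for header in set_cookie_headers:
        name, scope, host_only = cookie_scope(origin_host, header)
        exposed = [h for h in known_hosts if h.lower() != origin_host.lower()
                   and receives(h, scope, host_only)]
        if exposed:
            findings[name] = exposed
    return findings

ORIGIN = "meetings.corp.example"                         # constructed
HEADERS = [
    "APPSESSION=abc123; Domain=.corp.example; Path=/",   # weak: parent domain
    "APPSESSION_STRICT=def456; Path=/; HttpOnly",        # host-only
]
HOSTS = ["meetings.corp.example", "wiki.corp.example", "corp.example", "notcorp.example"]
```

Calling `audit(ORIGIN, HEADERS, HOSTS)` lists, for each cookie, the other known hosts that would be sent it; a cookie with no Domain attribute stays host-only and produces no finding.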
