Unrated severityNVD Advisory· Published Jul 13, 2009· Updated Jun 16, 2026
CVE-2009-2435
CVE-2009-2435
Description
The Sametime server in IBM Lotus Instant Messaging and Web Conferencing 6.5.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:ibm:lotus_instant_messaging_and_web_conferencing:6.5.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ibm:lotus_instant_messaging_and_web_conferencing:6.5.1:*:*:*:*:*:*:*
- (no CPE)range: 6.5.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.