VYPR
Unrated severityNVD Advisory· Published Oct 29, 2011· Updated Jun 16, 2026

CVE-2011-1370

CVE-2011-1370

Description

The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message.

Affected products

13
  • IBM/Sametime13 versions
    cpe:2.3:a:ibm:lotus_sametime:7.0:*:*:*:*:*:*:*+ 12 more
    • cpe:2.3:a:ibm:lotus_sametime:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_sametime:7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_sametime:7.5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_sametime:7.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_sametime:7.5.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_sametime:7.5.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_sametime:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_sametime:8.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_sametime:8.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_sametime:8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_sametime:8.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_sametime:8.5.2:*:*:*:*:*:*:*
    • (no CPE)range: >=7.0 <=8.5.2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.