Unrated severityNVD Advisory· Published Oct 29, 2011· Updated Jun 16, 2026
CVE-2011-1370
CVE-2011-1370
Description
The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message.
Affected products
13cpe:2.3:a:ibm:lotus_sametime:7.0:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:ibm:lotus_sametime:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_sametime:7.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_sametime:7.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_sametime:7.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_sametime:7.5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_sametime:7.5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_sametime:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_sametime:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_sametime:8.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_sametime:8.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_sametime:8.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_sametime:8.5.2:*:*:*:*:*:*:*
- (no CPE)range: >=7.0 <=8.5.2
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.