VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 29, 2011· Updated Apr 29, 2026

CVE-2011-1370

CVE-2011-1370

Description

The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message.

Affected products

12
  • IBM/Lotus Sametime12 versions
    cpe:2.3:a:ibm:lotus_sametime:7.0:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:a:ibm:lotus_sametime:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_sametime:7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_sametime:7.5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_sametime:7.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_sametime:7.5.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_sametime:7.5.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_sametime:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_sametime:8.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_sametime:8.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_sametime:8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_sametime:8.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:lotus_sametime:8.5.2:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.