CVE-2013-3975

IBM Sametime <9.0.0.1 - Info Disclosure

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3975. PoCs published by kicks4kittens, including Metasploit module auxiliary/gather/ibm_sametime_enumerate_users.

AI-analyzed exploit summary: This Metasploit module performs user enumeration on IBM Lotus Notes Sametime by exploiting an information disclosure vulnerability (CVE-2013-3975). It supports both dictionary-based and brute-force attacks to extract usernames via the web interface.

Description

Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search.

Exploits (1)

metasploit · SCANNER
by kicks4kittens · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/ibm_sametime_enumerate_users.rb

Classification: Scanner 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: IBM Lotus Notes Sametime
No auth needed
Prerequisites: Network access to the Sametime web interface · SSL/TLS connectivity to port 443
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21671201
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/84855

Scores

EPSS 0.1315
EPSS Percentile 95.9%

Details

Status published
Products (12)
ibm/sametime 8.0.0.0
ibm/sametime 8.0.1.0
ibm/sametime 8.0.1.1
ibm/sametime 8.0.2.0
ibm/sametime 8.0.2.1
ibm/sametime 8.5.0.0
ibm/sametime 8.5.1.0
ibm/sametime 8.5.1.1
ibm/sametime 8.5.2.0
ibm/sametime 8.5.2.1
... and 2 more
Published May 26, 2014
Tracked Since Feb 18, 2026