CVE-2013-3977

IBM Sametime 8.x-8.5.2.1 and 9.x-9.0.0.1 - Meeting Room Enumeration via Valid User Names


Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3977. PoCs published by kicks4kittens, including Metasploit module auxiliary/gather/ibm_sametime_room_brute.

AI-analyzed exploit summary: This Metasploit module brute-forces IBM Lotus Notes Sametime meeting room names via the web interface. It checks for valid room names by querying the REST API and parsing JSON responses.

Description

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names.

Exploits (1)

Metasploit (scanner)
by kicks4kittens · Ruby PoC
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/ibm_sametime_room_brute.rb

Classification: Scanner (100%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: IBM Lotus Notes Sametime
Authentication: No auth needed
Prerequisites: Access to the Sametime web interface · Valid owner name · Dictionary file for room name bruteforcing
Analyzed by devstral-2 on Feb 16, 2026

References (2)

Core References (2)
- Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/84901
- Vendor Advisory (x_refsource_confirm): http://www-01.ibm.com/support/docview.wss?uid=swg21671201

Scores

EPSS 0.0905
EPSS Percentile 94.6%

Details

CWE: CWE-287
Status: published
Products (12)
ibm/sametime 8.0.0.0
ibm/sametime 8.0.1.0
ibm/sametime 8.0.1.1
ibm/sametime 8.0.2.0
ibm/sametime 8.0.2.1
ibm/sametime 8.5.0.0
ibm/sametime 8.5.1.0
ibm/sametime 8.5.1.1
ibm/sametime 8.5.2.0
ibm/sametime 8.5.2.1
... and 2 more
Published: May 26, 2014
Tracked Since: Feb 18, 2026