CVE-2013-3982

IBM Sametime 8.x-8.5.2.1 and 9.x-9.0.0.1 - Unauthenticated Exposure of Sensitive Information via Public Page


Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3982. PoCs published by kicks4kittens, including Metasploit module auxiliary/gather/ibm_sametime_version.

AI-analyzed exploit summary: This Metasploit module enumerates IBM Lotus Sametime version and configuration information by querying specific endpoints. It does not exploit a vulnerability but gathers data for reconnaissance.

Description

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page.

Exploits (1)

metasploit SCANNER
by kicks4kittens · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/ibm_sametime_version.rb


Classification: Scanner 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: IBM Lotus Sametime
No auth needed
Prerequisites: Network access to the target Sametime server
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/84908
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21671201

Scores

EPSS 0.1315
EPSS Percentile 95.9%

Details

CWE: CWE-200
Status: published
Products (12)
ibm/sametime 8.0.0.0
ibm/sametime 8.0.1.0
ibm/sametime 8.0.1.1
ibm/sametime 8.0.2.0
ibm/sametime 8.0.2.1
ibm/sametime 8.5.0.0
ibm/sametime 8.5.1.0
ibm/sametime 8.5.1.1
ibm/sametime 8.5.2.0
ibm/sametime 8.5.2.1
... and 2 more
Published May 26, 2014
Tracked Since Feb 18, 2026