CVE-2013-3983

IBM Sametime 8.5.2-8.5.2.1 and 9.x-9.0.0.1 - Open Redirect via Cookie Header

Title source: llm
STIX 2.1

Description

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/84966
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21662928

Scores

EPSS 0.0110
EPSS Percentile 61.7%

Details

CWE
CWE-20
Status published
Products (4)
ibm/sametime 8.5.2.0
ibm/sametime 8.5.2.1
ibm/sametime 9.0.0.0
ibm/sametime 9.0.0.1
Published Feb 14, 2014
Tracked Since Feb 18, 2026