Cross-Site Request Forgery Vulnerability in IBM Sametime Enterprise Meeting Server
CVE-2016-0355

6.5MEDIUM

Key Information:

Vendor

IBM
Status
Sametime
Vendor
CVE Published:
29 August 2017

What is CVE-2016-0355?

An authenticated user invited to a Sametime meeting can intentionally disrupt the screen sharing feature due to a cross-site request forgery vulnerability in IBM Sametime Enterprise Meeting Server versions 8.5.2 and 9.0. This flaw permits unauthorized actions to be performed without the user's consent, ultimately affecting the meeting experience.

Affected Version(s)

Sametime 8.5.2

Sametime 8.5.2.1

Sametime 9.0

References

http://www.securityfocus.com/bid/100599
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/111894
x_refsource_MISC
http://www.securitytracker.com/id/1039231
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.