Permission Escalation in IBM Sametime Meeting Server by Malicious Users
CVE-2016-2977

4.3MEDIUM

Key Information:

Vendor
IBM
Status
Sametime
Vendor
CVE Published:
29 August 2017

Summary

IBM Sametime Meeting Server versions 8.5.2 and 9.0 are susceptible to a vulnerability that enables a malicious user to manipulate participants' permissions during meetings. Specifically, this security flaw allows an attacker to lower the hands of other users, disrupting the meeting flow and potentially causing confusion or loss of control over the session. This issue emphasizes the need for robust security measures and user permissions management in collaborative platforms.

Affected Version(s)

Sametime 8.5.2

Sametime 8.5.2.1

Sametime 9.0

References

http://www.securityfocus.com/bid/100599
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039231
vdb-entryx_refsource_SECTRACK
http://www.ibm.com/support/docview.wss?uid=swg22006439
x_refsource_CONFIRM

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.