CVE-2013-0534

The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and 8.5.2.1, as used in the Lotus Notes client and separately, might allow local users to obtain sensitive information by leveraging the persistence of cleartext password strings within process memory.

CVSS v2.0 1.9 LOW

1.9^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21635218	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/82656

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:lotus_sametime:8.5.1:::::::*
	cpe:2.3:a:ibm:lotus_sametime:8.5.1.1:::::::*
	cpe:2.3:a:ibm:lotus_sametime:8.5.1.2:::::::*
	cpe:2.3:a:ibm:lotus_sametime:8.5.2:::::::*
	cpe:2.3:a:ibm:lotus_sametime:8.5.2.1:::::::*
	cpe:2.3:a:ibm:sametime:8.5.1:::::::*
	cpe:2.3:a:ibm:sametime:8.5.1.1:::::::*
	cpe:2.3:a:ibm:sametime:8.5.1.2:::::::*
	cpe:2.3:a:ibm:sametime:8.5.2:::::::*
	cpe:2.3:a:ibm:sametime:8.5.2.1:::::::*

History

No history.

Information

Published : 2013-06-21 14:55

Updated : 2017-08-29 01:33

NVD link : CVE-2013-0534

Mitre link : CVE-2013-0534

CVE.ORG link : CVE-2013-0534

JSON object : View

Products Affected

ibm

lotus_sametime
sametime

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2013-0534", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-06-21T14:55:01.107", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635218", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82656", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and 8.5.2.1, as used in the Lotus Notes client and separately, might allow local users to obtain sensitive information by leveraging the persistence of cleartext password strings within process memory."}, {"lang": "es", "value": "El cliente Connect en IBM Sametime v8.5.1, v8.5.1.1, v8.5.1.2, v8.5.2, y v8.5.2.1, como se usaba en el cliente Lotus Notes puede permitir a usuarios locales obtener informaci\u00f3n sensible mediante el aprovechamiento de contrase\u00f1as persistentes en texto plano dentro de la memoria del proceso."}], "lastModified": "2017-08-29T01:33:05.417", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:lotus_sametime:8.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8112891-92F2-4EB9-9BBF-6FAB0C415368"}, {"criteria": "cpe:2.3:a:ibm:lotus_sametime:8.5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "027CB674-3C7A-44A0-8912-508BD3FA6CC3"}, {"criteria": "cpe:2.3:a:ibm:lotus_sametime:8.5.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DD44793-F90F-4323-9264-533481A0627E"}, {"criteria": "cpe:2.3:a:ibm:lotus_sametime:8.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15F87653-1AF5-4F84-9132-0B51AE6058EB"}, {"criteria": "cpe:2.3:a:ibm:lotus_sametime:8.5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EDFDA5F-7C63-472B-8246-EA1EFC2590E7"}, {"criteria": "cpe:2.3:a:ibm:sametime:8.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "560B6125-BCB9-4643-A738-431E4703C0D0"}, {"criteria": "cpe:2.3:a:ibm:sametime:8.5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED661C82-9230-4501-BD87-26E68FD264C6"}, {"criteria": "cpe:2.3:a:ibm:sametime:8.5.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0A3B74D-CEFC-4D9F-BB3D-23717891100C"}, {"criteria": "cpe:2.3:a:ibm:sametime:8.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BE89A24-6CD5-4881-94A9-A2E2E019D66F"}, {"criteria": "cpe:2.3:a:ibm:sametime:8.5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A84C4658-AEE7-4C63-A188-795B8FEB3A47"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}