Security Bulletin: Vulnerability in Classic Sametime Meetings Server (CVE-2013-0535)

Flash (Alert)


Abstract

The Web Application of the Classic Sametime Meetings server can be exploited via potential cross-site scripting (XSS) vulnerabilities. A fix is provided.

Content

VULNERABILITY DETAILS:


      DESCRIPTION:

      A fix is available for a potential cross-site scripting (XSS) security vulnerability that has been identified in connection with the IBM Classic Sametime Meetings Server.


      The issue can be fixed by installing the provided fix (see the REMEDIATION heading below).

      CVE-ID: CVE-2013-0535

      CVSS:

      CVSS Base Score: 3.5
      CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82657 for the current score
      CVSS Environmental Score*: Undefined
      CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

      AFFECTED PRODUCTS AND VERSIONS:

      IBM Classic Sametime Meetings server 8.5.2.1 and prior releases

      REMEDIATION

      The recommended solution is to apply the fixes that are provided by IBM for the affected IBM Classic Sametime Meetings server. The needed fix is for the Web Application part of the server.

      Refer to the following technote for instructions on how to download the relevant fixes:

      "Fix available for potential cross-site scripting (XSS) security vulnerabilities in Classic Sametime Meetings Server Web Application."

      WORKAROUND:

      None known; apply fixes.

      MITIGATION:

      None known; apply fixes.

REFERENCES: RELATED INFORMATION:
ACKNOWLEDGEMENT:

The vulnerability was reported to IBM by Christian Frei from usd GA.


CHANGE HISTORY:

<April 30 2013>: Original Copy Published.

*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.


Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document information


More support for:

IBM Sametime
Classic Meeting Server

Software version:

7.5.1.2, 8.0.1, 8.0.2, 8.5, 8.5.1.2, 8.5.2.1

Operating system(s):

AIX, IBM i, Linux, Solaris, Windows

Reference #:

1635185

Modified date:

2013-04-29
