NVD

Id
29742  
Name
CVE-2014-0906  
Description
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a (1) expired or (2) invalidated cookie.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2014-05-26  
Modified Date
2014-06-27  
Seq
2014-0906  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
157149 29742 CVE-2014-0906 http://www-01.ibm.com/support/docview.wss?uid=swg21671201  View
157150 29742 CVE-2014-0906 sametime-cve20140906-cookie-validity(91854)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
13761 JVNDB-2014-002636 IBM Sametime の Meeting Server におけるユーザの検索アクションを行われる脆弱性 IBM Sametime の Meeting Server は、セッション Cookie が最新であるかをチェックしないため、ユーザの検索アクションを行われる脆弱性が存在します。 CVE-2014-0906 68307 CVE-2014-0906 29742 4.3 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002636.html 2014-05-21 2014-05-28 View