Release date:
Updated on:
Affected Systems:
IBM Sametime Connect 9.0.0.1
IBM Sametime Connect 9.0
IBM Sametime Connect 8.5.2.1
IBM Sametime Connect 8.5.2
IBM Sametime Connect 8.5.1.2
IBM Sametime Connect 8.5.1.1
IBM Sametime Connect 8.5.1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 65937
CVE (CAN) ID: CVE-2014-0890
The IBM Sametime product integrates real-time social communication functions into the business environment, providing a unified user experience across instant messaging, online meetings, voice, video, and data.
IBM Sametime Connect 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1 contain an information disclosure vulnerability: if the special log tag is set to advanced and audio or video chat is used, the user's password is recorded in the log in plaintext or in encoded (unencrypted) form. Attackers can exploit this vulnerability to obtain sensitive information.
<* Source: Adriano Marcio Monteiro
Link: http://www-01.ibm.com/support/docview.wss?uid=swg21665658
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.ibm.com/support/fixcentral/
http://www.ibm.com/support/docview.wss?uid=swg21665652