IBM Lotus Sametime configures a small service program to verify Security Vulnerabilities
Release date: 2011-10-31
Updated on: 2011-10-31
Affected Systems:
IBM Lotus Sametime 8.x
IBM Lotus Sametime 7.x
Description:
--------------------------------------------------------------------------------
Cve id: CVE-2011-1370
IBM Sametime instant messaging software provides an integrated set of instant messaging services, including voice, data, and video, allowing people to more easily find and contact colleagues, customers, and business partners, and collaborate with it.
The IBM Lotus Sametime Configuration Service Program has a security vulnerability in the implementation of authentication requests, which can be exploited by malicious users to leak sensitive information.
<* Source: vendor
Link: http://www.ibm.com/support/docview.wss? Uid = swg21569452
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.ers.ibm.com/