The Sametime server contains a configuration servlet that is accessed by several Sametime server processes. By default, this servlet does not require authentication, which could potentially allow an unauthorized user to obtain read access to configuration data. Administrators are advised to protect this servlet by configuring Sametime to require authentication to this servlet.

Details & Fix

Comments [0]

No Comments Found


Discussion for this entry is now closed.

This is the Blog of Martin Leyrer, currently employed as an Senior Lab Services Consultant at HCL Digital Solutions.

The postings on this site are my own and do not represent the positions, strategies or opinions of any former, current or future employer of mine.