A vulnerability exists that can allow a remote attacker to send commands in a specially crafted way in a Sametime IM chat to a user. The issue exists in both the Sametime rich client (Sametime Connect or embedded Sametime in Notes) and web client.
This potential vulnerability affects the Sametime clients, standalone and embedded and the Sametime web chat starting at version 8.0.2, 8.5.1, 8.5.1.1, 8.5.2, 8.5.2.1 on Windows, Macintosh and Linux.
The following client types are not affected by this issue:
- Sametime Mobile clients
- STLinks integration
- Sametime version 8.0.1, 8.0.0 or 7.5.1 of all rich clients (Notes embedded and stand-alone)
- Embedded Sametime in Notes 8.5.3 FP2 client
- Notes Basic clients
- Proxy 8.5 SDK clients
REMEDIATION: The recommended solution is to apply the fixes that are provided by IBM for the affected Sametime clients.
Security Bulletin: Sametime Client Vulnerability
Comments [0]
No Comments Found