A vulnerability exists that can allow a remote attacker to send commands, in a specially crafted way, to a user in a Sametime IM chat. The issue exists in both the Sametime rich client (Sametime Connect or embedded Sametime in Notes) and the web client.

This potential vulnerability affects the Sametime clients (standalone and embedded) and the Sametime web chat, starting at version 8.0.2, 8.5.1, 8.5.1.1, 8.5.2, 8.5.2.1, on Windows, Macintosh and Linux.

The following client types are not affected by this issue:

  • Sametime Mobile clients
  • STLinks integration
  • Sametime version 8.0.1, 8.0.0 or 7.5.1 of all rich clients (Notes embedded and stand-alone)
  • Embedded Sametime in Notes 8.5.3 FP2 client
  • Notes Basic clients
  • Proxy 8.5 SDK clients

REMEDIATION: The recommended solution is to apply the fixes that are provided by IBM for the affected Sametime clients.

Security Bulletin: Sametime Client Vulnerability

This is the blog of Martin Leyrer, currently employed as a Senior Lab Services Consultant at HCL Digital Solutions.

The postings on this site are my own and do not represent the positions, strategies or opinions of any former, current or future employer of mine.