The Sametime server contains a configuration servlet that is accessed by several Sametime server processes. By default, this servlet does not require authentication, which could potentially allow an unauthorized user to obtain read access to configuration data. Administrators are advised to protect this servlet by configuring Sametime to require authentication to this servlet.
Security Bulletin: Potential Security Exposure in IBM Lotus Sametime Configuration Servlet
Thema: Potential Security Exposure in IBM Lotus Sametime Configuration (Gelesen 1658 mal)