{"api_version":"1","generated_at":"2026-07-06T03:22:33+00:00","cve":"CVE-2016-2974","urls":{"html":"https://cve.report/CVE-2016-2974","api":"https://cve.report/api/cve/CVE-2016-2974.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-2974","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-2974"},"summary":{"title":"CVE-2016-2974","description":"IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Rich Client, could disclose potentially sensitive information related to the Sametime environment as well as other users on the local machine of the user. IBM X-Force ID: 113934.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2017-08-29 21:29:00","updated_at":"2017-09-01 18:13:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg22006444","name":"http://www.ibm.com/support/docview.wss?uid=swg22006444","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"IBM notice: The page you requested cannot be displayed","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"http://www.securityfocus.com/bid/100528","name":"100528","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"IBM Sametime Connect Client CVE-2016-2974 Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/113934","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/113934","refsource":"MISC","tags":["VDB Entry","Vendor Advisory"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-2974","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2974","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"2974","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"sametime","cpe6":"8.5.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2974","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"sametime","cpe6":"8.5.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2974","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"sametime","cpe6":"9.0.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2974","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"sametime","cpe6":"9.0.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2974","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"sametime","cpe6":"9.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2974","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"sametime","cpe6":"8.5.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2974","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"sametime","cpe6":"8.5.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2974","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"sametime","cpe6":"9.0.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2974","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"sametime","cpe6":"9.0.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2974","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"sametime","cpe6":"9.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@us.ibm.com","DATE_PUBLIC":"2017-08-25T00:00:00","ID":"CVE-2016-2974","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Sametime","version":{"version_data":[{"version_value":"8.5.2"},{"version_value":"8.5.2.1"},{"version_value":"9.0"},{"version_value":"9.0.0.1"},{"version_value":"9.0.1"}]}}]},"vendor_name":"IBM"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Rich Client, could disclose potentially sensitive information related to the Sametime environment as well as other users on the local machine of the user. IBM X-Force ID: 113934."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Obtain Information"}]}]},"references":{"reference_data":[{"name":"100528","refsource":"BID","url":"http://www.securityfocus.com/bid/100528"},{"name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/113934","refsource":"MISC","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/113934"},{"name":"http://www.ibm.com/support/docview.wss?uid=swg22006444","refsource":"CONFIRM","url":"http://www.ibm.com/support/docview.wss?uid=swg22006444"}]}},"nvd":{"publishedDate":"2017-08-29 21:29:00","lastModifiedDate":"2017-09-01 18:13:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.3,"baseSeverity":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:sametime:9.0.0.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:sametime:8.5.2.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:sametime:9.0.0.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:sametime:8.5.2.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:sametime:9.0.1:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"2974","Ordinal":"88847","Title":"CVE-2016-2974","CVE":"CVE-2016-2974","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"2974","Ordinal":"1","NoteData":"IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Rich Client, could disclose potentially sensitive information related to the Sametime environment as well as other users on the local machine of the user. IBM X-Force ID: 113934.","Type":"Description","Title":null},{"CveYear":"2016","CveId":"2974","Ordinal":"2","NoteData":"2017-08-29","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"2974","Ordinal":"3","NoteData":"2017-08-31","Type":"Other","Title":"Modified"}]}}}