Sametime
Sign in to watchby IBM
CVEs (45)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-2972 | Hig | 0.51 | 7.8 | 0.00 | Aug 29, 2017 | IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. IBM X-Force ID: 113855. | |
| CVE-2016-2965 | Med | 0.42 | 6.5 | 0.00 | Aug 29, 2017 | IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846. | |
| CVE-2016-0356 | Med | 0.42 | 6.5 | 0.00 | Aug 29, 2017 | IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111895. | |
| CVE-2016-0355 | Med | 0.42 | 6.5 | 0.00 | Aug 29, 2017 | IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894. | |
| CVE-2016-2980 | Med | 0.41 | 6.3 | 0.00 | Aug 29, 2017 | The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. IBM X-Force ID: 113993. | |
| CVE-2016-0354 | Med | 0.36 | 5.5 | 0.00 | Aug 29, 2017 | IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. IBM X-Force ID: 111893. | |
| CVE-2016-2975 | Med | 0.35 | 5.4 | 0.00 | Aug 29, 2017 | IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113935. | |
| CVE-2016-2967 | Med | 0.35 | 5.4 | 0.00 | Aug 29, 2017 | IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Sametime away message altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113848. | |
| CVE-2016-2979 | Med | 0.35 | 5.4 | 0.00 | Aug 29, 2017 | IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113945. | |
| CVE-2016-2973 | Med | 0.35 | 5.4 | 0.00 | Aug 29, 2017 | IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113899. | |
| CVE-2016-2964 | Med | 0.34 | 5.3 | 0.00 | Aug 29, 2017 | IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error message to a user that is too detailed and may reveal details about the application. IBM X-Force ID: 113813. | |
| CVE-2016-2971 | Med | 0.34 | 5.3 | 0.00 | Aug 29, 2017 | IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks. IBM X-Force ID: 113898. | |
| CVE-2016-2976 | Med | 0.28 | 4.3 | 0.00 | Aug 29, 2017 | IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. IBM X-Force ID: 113936. | |
| CVE-2016-2966 | Med | 0.28 | 4.3 | 0.00 | Aug 29, 2017 | IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. IBM X-Force ID: 113847. | |
| CVE-2016-0358 | Med | 0.28 | 4.3 | 0.00 | Aug 29, 2017 | IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. IBM X-Force ID: 111928. | |
| CVE-2016-2977 | Med | 0.28 | 4.3 | 0.00 | Aug 29, 2017 | IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users hands in the meeting. IBM X-Force ID: 113937. | |
| CVE-2016-2969 | Med | 0.28 | 4.3 | 0.00 | Aug 29, 2017 | IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850. | |
| CVE-2016-2959 | Med | 0.28 | 4.3 | 0.00 | Aug 29, 2017 | IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room manager to remove the primary managers privileges. IBM X-Force ID: 113804. | |
| CVE-2016-10503 | Med | 0.28 | 4.3 | 0.00 | Aug 29, 2017 | IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated and invited user of Sametime meeting to lower any or all hands in an e-meeting, thus spoofing results of votes in the meeting. IBM X-Force ID: 113803. | |
| CVE-2016-2970 | Med | 0.28 | 4.3 | 0.00 | Aug 29, 2017 | IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attackers. IBM X-Force ID: 113851. |