Sametime
by IBM
CVEs (68)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-3984 | | | 0.00 | — | 0.01 | | May 26, 2014 | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. |
| CVE-2013-3981 | | | 0.00 | — | 0.02 | | May 26, 2014 | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors. |
| CVE-2013-3980 | | | 0.00 | — | 0.02 | | May 26, 2014 | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room unusability) by generating a large number of fictitious users to enter a meeting room. |
| CVE-2013-3046 | | | 0.00 | — | 0.00 | | May 26, 2014 | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP… |
| CVE-2014-0890 | | | 0.00 | — | 0.00 | | Mar 6, 2014 | The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive… |
| CVE-2013-6743 | | | 0.00 | — | 0.01 | | Feb 14, 2014 | Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IMG element. |
| CVE-2013-3988 | | | 0.00 | — | 0.01 | | Feb 14, 2014 | The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. |
| CVE-2013-6742 | | | 0.00 | — | 0.01 | | Feb 14, 2014 | The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. |
| CVE-2013-3983 | | | 0.00 | — | 0.01 | | Feb 14, 2014 | The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors. |
| CVE-2013-3978 | | | 0.00 | — | 0.01 | | Feb 14, 2014 | The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended… |
| CVE-2013-6727 | | | 0.00 | — | 0.02 | | Jan 31, 2014 | The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 before HF1 does not properly restrict unsigned Java plugins, which allows remote attackers to obtain sensitive information via unspecified vectors. |
| CVE-2013-6733 | | | 0.00 | — | 0.01 | | Dec 17, 2013 | Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-3985 | | | 0.00 | — | 0.01 | | Nov 9, 2013 | The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote attackers to read session variables by leveraging a weak setting of the Domain variable. |
| CVE-2013-3045 | | | 0.00 | — | 0.01 | | Nov 9, 2013 | The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to share crafted links via the Library function. |
| CVE-2013-3044 | | | 0.00 | — | 0.01 | | Nov 9, 2013 | The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of chat messages, or compose anonymous chat messages, by leveraging meeting-attendance privileges. |
| CVE-2013-0537 | | | 0.00 | — | 0.01 | | Nov 9, 2013 | The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of shared links by leveraging meeting-attendance privileges. |
| CVE-2013-0534 | | | 0.00 | — | 0.00 | | Jun 21, 2013 | The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and 8.5.2.1, as used in the Lotus Notes client and separately, might allow local users to obtain sensitive information by leveraging the persistence of cleartext password strings within process memory. |
| CVE-2013-0535 | | | 0.00 | — | 0.01 | | May 2, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-0553 | | | 0.00 | — | 0.01 | | Apr 28, 2013 | The client implementation in IBM Sametime 8.5.1 through 8.5.2.1, as used in Sametime Connect client, Sametime Advanced Connect client, Sametime Advanced Web client, and other products, allows remote authenticated users to send commands to individual chat users, or to all… |
| CVE-2013-0533 | | | 0.00 | — | 0.01 | | Apr 28, 2013 | Cross-site scripting (XSS) vulnerability in the Sametime Links server in IBM Sametime 8.0.2 through 8.5.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
Page 3 of 4