IBM

Sametime

46 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 48.35%
  • Published 26.05.2014 04:29:15
  • Last modified 12.04.2025 10:46:40

Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search.

  • EPSS 0.06%
  • Published 26.05.2014 04:29:15
  • Last modified 12.04.2025 10:46:40

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by levera...

  • EPSS 29.14%
  • Published 26.05.2014 04:29:15
  • Last modified 12.04.2025 10:46:40

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names.

  • EPSS 0.57%
  • Published 26.05.2014 04:29:15
  • Last modified 12.04.2025 10:46:40

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room unusability) by generating a large number of fictitious users to enter a meeting room.

  • EPSS 0.23%
  • Published 26.05.2014 04:29:15
  • Last modified 12.04.2025 10:46:40

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors.

  • EPSS 0.05%
  • Published 06.03.2014 11:55:05
  • Last modified 12.04.2025 10:46:40

The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows loc...

  • EPSS 0.19%
  • Published 14.02.2014 13:10:48
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IMG element.

  • EPSS 0.56%
  • Published 14.02.2014 13:10:48
  • Last modified 11.04.2025 00:51:21

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

  • EPSS 0.52%
  • Published 14.02.2014 13:10:48
  • Last modified 11.04.2025 00:51:21

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

  • EPSS 0.35%
  • Published 14.02.2014 13:10:48
  • Last modified 11.04.2025 00:51:21

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors.