Ibm

Sametime

46 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2016-2977

  • EPSS 0.24%
  • Veröffentlicht 29.08.2017 18:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users hands in the meeting. IBM X-Force ID: 113937.

5.4

CVE-2016-2979

  • EPSS 0.36%
  • Veröffentlicht 29.08.2017 18:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure w...

4.3

CVE-2016-2970

  • EPSS 0.26%
  • Veröffentlicht 29.08.2017 01:35:12
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attackers. IBM X-Force ID: 113851.

4.3

CVE-2014-4748

  • EPSS 0.27%
  • Veröffentlicht 26.07.2014 15:55:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

2.1

CVE-2014-4747

  • EPSS 0.06%
  • Veröffentlicht 26.07.2014 15:55:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML source code within a victim's browser.

5

CVE-2014-3867

  • EPSS 0.25%
  • Veröffentlicht 26.05.2014 11:14:51
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information...

3.5

CVE-2014-3014

  • EPSS 0.19%
  • Veröffentlicht 26.05.2014 04:29:16
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

4.3

CVE-2014-0906

  • EPSS 0.22%
  • Veröffentlicht 26.05.2014 04:29:16
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a (1) expired or (2) invalidat...

2.9

CVE-2013-3984

  • EPSS 0.11%
  • Veröffentlicht 26.05.2014 04:29:16
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmiss...

5

CVE-2013-3982

  • EPSS 37.25%
  • Veröffentlicht 26.05.2014 04:29:16
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page.