IBM

Sametime

46 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 48.35%
  • Published 26.05.2014 04:29:15
  • Last modified 12.04.2025 10:46:40

Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search.

  • EPSS 0.06%
  • Published 26.05.2014 04:29:15
  • Last modified 12.04.2025 10:46:40

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by levera...

  • EPSS 29.14%
  • Published 26.05.2014 04:29:15
  • Last modified 12.04.2025 10:46:40

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names.

  • EPSS 0.57%
  • Published 26.05.2014 04:29:15
  • Last modified 12.04.2025 10:46:40

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room unusability) by generating a large number of fictitious users to enter a meeting room.

  • EPSS 0.23%
  • Published 26.05.2014 04:29:15
  • Last modified 12.04.2025 10:46:40

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors.

  • EPSS 0.05%
  • Published 06.03.2014 11:55:05
  • Last modified 12.04.2025 10:46:40

The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows loc...

  • EPSS 0.19%
  • Published 14.02.2014 13:10:48
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IMG element.

  • EPSS 0.56%
  • Published 14.02.2014 13:10:48
  • Last modified 11.04.2025 00:51:21

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

  • EPSS 0.52%
  • Published 14.02.2014 13:10:48
  • Last modified 11.04.2025 00:51:21

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

  • EPSS 0.35%
  • Published 14.02.2014 13:10:48
  • Last modified 11.04.2025 00:51:21

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors.