CVE-2016-2975

CVE-2016-2975 affects IBM Sametime 8.5.2 and 9.0. The issue is a cross-site scripting vulnerability in the Web UI that allows a remote attacker to inject arbitrary JavaScript, potentially altering functionality and leading to credentials disclosure within a trusted session. Connected records corr...

CVE-2016-2978

The CVE-2016-2978 issue affects IBM Sametime 8.5.2 and 9.0. According to the linked sources, a local attacker could access potentially sensitive information that is stored in the browser cache on the affected systems. The root cause is information disclosure via cached browser data, allowing a lo...

CVE-2016-2967

IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Sametime away message altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113848...

CVE-2016-2975

IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113935...

CVE-2016-2966

IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. IBM X-Force ID: 113847...

CVE-2016-2964

IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error message to a user that is too detailed and may reveal details about the application. IBM X-Force ID: 113813...

CVE-2016-0358

CVE-2016-0358 affects IBM Sametime 8.5.2 and 9.0. An unauthorized authenticated user could enumerate group chat ID numbers and join meetings to which they were not invited. The connected sources (NVD, CNVD, PRION, CVE lists) confirm the existence of this vulnerability and its impact but do not pr...

CVE-2016-2980

The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. IBM X-Force ID: 113993...

CVE-2016-2976

CVE-2016-2976 corresponds to an information-disclosure vulnerability in IBM Sametime Meeting Server versions 8.5.2 and 9.0. The CVE entry describes that a meeting invitee could obtain previously cleared sensitive information by viewing the meeting report history. Connected sources (CNVD-2017-2754...

CVE-2016-2974

IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Rich Client, could disclose potentially sensitive information related to the Sametime environment as well as other users on the local machine of the user. IBM X-Force ID: 113934...

CVE-2016-2966

CVE-2016-2966 affects IBM Sametime 8.5.1 and 9.0, where an authenticated user could enumerate meeting rooms by guessing the meeting room ID. The connected sources confirm the impact as information disclosure via room-id guessing, affecting those Sametime versions. Root cause described as an enume...

CVE-2016-2976

IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. IBM X-Force ID: 113936...

CVE-2016-0358

IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. IBM X-Force ID: 111928...

CVE-2016-2974

IBM Sametime Connect versions 8.5.2 and 9.0 contain an information disclosure vulnerability where, after uninstalling the Sametime Rich Client, potentially sensitive information about the Sametime environment and other local users could be exposed. The issue is described across multiple sources (...

CVE-2016-2969

IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850...

CVE-2016-2979

IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113945...

CVE-2016-0355

IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894...

CVE-2016-2977

IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users hands in the meeting. IBM X-Force ID: 113937...

CVE-2016-2965

IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846...

Cross site request forgery (csrf)

IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846...