CVE-2016-2959

IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room manager to remove the primary managers privileges. IBM X-Force ID: 113804...

CVE-2016-0354

IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. IBM X-Force ID: 111893...

CVE-2016-2979

CVE-2016-2979 : Multiple documents confirm a cross-site scripting vulnerability in IBM Sametime Meeting Server versions 8.5.2 and 9.0. The issue allows a user to embed arbitrary JavaScript into the Web UI, potentially altering functionality and enabling credentials disclosure within a trusted ses...

CVE-2016-10503

IBM Sametime Meeting Server 8.5.2 and 9.0 are affected. An authenticated and invited user in a Sametime meeting could lower hands in an e-meeting, potentially spoofing vote results. The NVD entry lists CVSSv2/2.0 base score 4.0 (Medium) and CVSSv3/3.0 base score 4.3 (Medium); attack vector NETWOR...

CVE-2016-2959

IBM Sametime Meeting Server versions 8.5.2 and 9.0 are affected by CVE-2016-2959, allowing a meeting room manager to remove the primary manager privileges. The vulnerability is documented in NVD with a CVSSv2 base score of 4.0 (Network, Low attack complexity, Single authentication) and CVSSv3 bas...

CVE-2016-0355

IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894...

CVE-2016-2969

CVE-2016-2969 affects IBM Sametime Meeting Server versions 8.5.2 and 9.0. The vulnerability allows replies that may contain email addresses of people who should not be in those messages, constituting information disclosure. The description notes a remote attacker could exploit this to send a repl...

CVE-2016-2977

IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users hands in the meeting. IBM X-Force ID: 113937...

CVE-2016-2969

IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850...

CVE-2016-2979

IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113945...

CVE-2016-10503

IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated and invited user of Sametime meeting to lower any or all hands in an e-meeting, thus spoofing results of votes in the meeting. IBM X-Force ID: 113803...

CVE-2016-0355

CVE-2016-0355 affects IBM Sametime Enterprise Meeting Server versions 8.5.2 and 9.0. An authenticated user who has been invited to a Sametime meeting room could stop screen sharing via a cross-site request forgery (CSRF) vulnerability. The description in the NVD entry confirms the impact is limit...

CVE-2016-2972

CVE-2016-2972 affects IBM Sametime Meeting Server 8.5.2 and 9.0, where credentials for Sametime Meetings could be stored in the local browser cache and accessed by a local user. The NVD entry lists a low CVSS v2 impact (AV:L, AC:L, C:P, I:N, A:N) and a higher CVSS v3 impact (CVSS:3.0: AV:L, AC:L,...

CVE-2016-2965

CVE-2016-2965 affects IBM Sametime Meeting Server versions 8.5.2 and 9.0. The issue is a cross-site request forgery (CSRF) caused by improper validation of user-supplied input. By convincing a user to visit a malicious link, an attacker could force the user to log out of Sametime. Multiple source...

CVE-2016-0356

CVE-2016-0356 affects IBM Sametime Enterprise Meeting Server (versions 8.5.2 and 9.0). The issue is a cross-site request forgery that allows an authenticated user, invited to a Sametime meeting room, to cause screen sharing to stop. Root cause: CSRF in the meeting server’s screen-sharing control....

CVE-2016-0354

CVE-2016-0354 affects IBM Sametime Enterprise Meeting Server versions 8.5.2 and 9.0. An authenticated user could upload a malicious file to a Sametime meeting room, which could then be downloaded by other users and executed with user privileges. The public sources describe this as a file upload v...

CVE-2016-2971

IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks. IBM X-Force ID: 113898...

CVE-2016-2965

IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846...

CVE-2016-2977

The CVE-2016-2977 issue affects IBM Sametime Meeting Server versions 8.5.2 and 9.0, where a malicious user could lower other users’ hands in meetings (e.g., affect voting/polling rights). Connected records corroborate exploitation of meeting controls to reduce others’ voting rights, with no expli...

CVE-2016-0356

IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111895...