662 matches found
CVE-2013-3046
The CVE-2013-3046 entry concerns IBM Sametime Meeting Server (versions 8.x up to 8.5.2.1 and 9.x up to 9.0.0.1) failing to send the HSTS Strict-Transport-Security header. The root cause is the absence of HSTS protection, which could allow MITM attackers to hijack sessions or obtain sensitive data...
CVE-2013-3975
IBM Sametime Meeting Server (IBM Lotus Notes Sametime) contains an information-disclosure vulnerability that lets remote attackers enumerate user identities (usernames, full names, and e-mail addresses) via a search on the web interface. Affected products/versions: IBM Sametime 8.x up to 8.5.2.1 ...
CVE-2014-3014
Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
CVE-2013-3982
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page...
CVE-2013-3046
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests...
CVE-2014-3015
Cross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences...
CVE-2014-3015
Cross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences...
CVE-2014-3015
CVE-2014-3015 affects IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1. The Web player component is vulnerable to cross-site request forgery (CSRF), enabling remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. The vulnerability orig...
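IBM Sametime Connect Log Information Disclosure Vulnerability
Bugtraq ID: 65937 CVE ID: CVE-2014-0890 IBM Sametime provides an integrated suite of enterprise instant messaging software that makes it easier to find and contact colleagues, customers and business partners and to collaborate with them, greatly improving employees' ability to communicate in real time. If a user sets the log flag to a high level and uses Audio/Video chat, the application stores the user's password in plaintext or in encoded form, allowing attackers to exploit the vulnerability to obtain sensitive information. 0 IBM Sametime Connect 8.5.1 IBM Sametime Connect 8.5.1.1 IBM Sametime Connect 8.5.1.2 IBM Sametime Connect 8.5....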
IBM Lotus Sametime Connect Audio / Video Chat Information Disclosure
The version of IBM Lotus Sametime Connect installed on the remote Windows host is potentially affected by an information disclosure vulnerability. If a user sets a certain log flag to high and uses Audio/Video chat, the user's password is stored in plaintext unencrypted. C Tenable Network Securit...
CVE-2014-0890
The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony..level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive information by...
Information disclosure
The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony..level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive information by...
CVE-2014-0890
The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony..level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive information by...
CVE-2014-0890
IBM Sametime Connect (LAN/Enterprise) clients 8.5.1 to 9.0.0.1 are affected by an information-disclosure vulnerability (CVE-2014-0890). When a specific verbose logging level is enabled for Audio/Video chat, passwords are logged in plaintext or unencrypted in log files, allowing local users to obt...
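IBM Sametime Connect Information Disclosure Vulnerability (CVE-2014-0890)
BUGTRAQ ID: 65937 CVECAN ID: CVE-2014-0890 The IBM Sametime product integrates real-time social communication capabilities into the business environment, delivering a unified user experience through instant messaging, online meetings, voice, video and data. IBM Sametime Connect versions 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0 and 9.0.0.1 contain an information disclosure vulnerability in their implementation: if a user sets a particular log flag to high and uses audio or video chat, the user's password is recorded in plaintext or encoded (unencrypted) form. Attackers can exploit this vulnerability to obtain sensitive information. 0 IBM Sametime Connect 9.0.0...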
IBM Lotus SameTime information leakage
Username and password are logged to file...
Post Exploitation - Getting username and password in the Lotus Sametime 8.5.1
Exploit Title: Post Exploitation - Getting username and password in the Lotus Sametime 8.5.1 Google Dork: n/a Date: 18/02/2014 Exploit Author: Adriano Marcio Monteiro Vendor Homepage: http://www.ibm.com/us/en/ Software Link:...
Lotus Sametime 8.5.1 Password Disclosure
Exploit Title: Post Exploitation - Getting username and password in the Lotus Sametime 8.5.1 Google Dork: n/a Date: 18/02/2014 Exploit Author: Adriano Marcio Monteiro Vendor Homepage: http://www.ibm.com/us/en/ Software Link: http://www-01.ibm.com/support/docview.wss?uid=swg24027054 Version: 8.5.1...
IBM Lotus Sametime Connect Client Information Disclosure
The version of IBM Lotus Sametime Connect installed on the remote Windows host is potentially affected by an information disclosure vulnerability. A flaw in the application allows installation and execution of unsigned Java plugins, which may access confidential user information. C Tenable Networ...