Lucene search
K
IbmSametime

46 matches found

CVE
CVE
added 2014/03/06 11:0 a.m.60 views

CVE-2014-0890

IBM Sametime Connect (LAN/Enterprise) clients 8.5.1 to 9.0.0.1 are affected by an information-disclosure vulnerability (CVE-2014-0890). When a specific verbose logging level is enabled for Audio/Video chat, passwords are logged in plaintext or unencrypted in log files, allowing local users to obt...

1.9CVSS5.6AI score0.00341EPSS
CVE
CVE
added 2014/07/26 3:0 p.m.60 views

CVE-2014-4747

IBM Sametime Classic Meeting Server 8.x up to 8.5.2.1 is affected by CVE-2014-4747, where a physically proximate attacker can read the HTML source in a victim’s browser to discover a meeting password hash. The vulnerability is described as a local issue arising from access to an unattended workst...

2.1CVSS6.5AI score0.0056EPSS
CVE
CVE
added 2014/05/26 1:0 a.m.57 views

CVE-2013-3975

IBM Sametime Meeting Server (IBM Lotus Notes Sametime) contains an information-disclosure vulnerability that lets remote attackers enumerate user identities (usernames, full names, and e-mail addresses) via a search on the web interface. Affected products/versions: IBM Sametime 8.x up to 8.5.2.1 ...

5CVSS6.6AI score0.13151EPSS
Web
CVE
CVE
added 2013/06/21 2:0 p.m.56 views

CVE-2013-0534

Affected software: IBM Sametime Connect Client (versions 8.5.1 to 8.5.2.x as described) used with Lotus Notes client. Issue: Information disclosure via persistence of cleartext password strings in process memory. Root cause (as described): password data stored in memory in cleartext, enabling loc...

1.9CVSS6AI score0.00341EPSS
CVE
CVE
added 2014/05/26 10:0 a.m.56 views

CVE-2014-3867

The CVE-2014-3867 entry concerns IBM Sametime Meeting Server versions 8.x up to 8.5.2.1 and 9.x up to 9.0.0.1 that do not set the HTTPOnly flag for an unspecified cookie in an HTTPS session. This omission can allow remote attackers to access potentially sensitive data via script access to the coo...

5CVSS6.1AI score0.02049EPSS
CVE
CVE
added 2014/05/26 1:0 a.m.55 views

CVE-2013-3982

The CVE-2013-3982 entry concerns IBM Sametime Meeting Server information disclosure. Connected sources show concrete details: vulnerable components are the Meeting Server in IBM Lotus Sametime 8.x–8.5.2.1 and 9.x–9.0.0.1, where remote attackers can retrieve installation data and technical informa...

5CVSS6.3AI score0.13151EPSS
Web
CVE
CVE
added 2014/07/26 3:0 p.m.55 views

CVE-2014-4748

CVE-2014-4748 is an XSS vulnerability in the IBM Sametime Classic Meeting Server (8.x up to 8.5.2.1). The issue allows remote attackers to inject arbitrary web script or HTML via a crafted URL, enabling client-side script execution. The NVD entry reports a CVSSv2 base score of 4.3 (MEDIUM) with a...

4.3CVSS5.6AI score0.01953EPSS
CVE
CVE
added 2012/08/17 10:0 a.m.54 views

CVE-2012-3308

IBM Sametime 8.0.2–8.5.2.1 is vulnerable to cross-site scripting (XSS) via an IM chat, per CVE-2012-3308. The connected documents confirm the affected version range and the basic impact (arbitrary script/HTML injection), but do not provide explicit root-cause details, affected component names, or...

4.3CVSS5.7AI score0.01792EPSS
CVE
CVE
added 2014/05/26 1:0 a.m.53 views

CVE-2013-3046

The CVE-2013-3046 entry concerns IBM Sametime Meeting Server (versions 8.x up to 8.5.2.1 and 9.x up to 9.0.0.1) failing to send the HSTS Strict-Transport-Security header. The root cause is the absence of HSTS protection, which could allow MITM attackers to hijack sessions or obtain sensitive data...

4.3CVSS6AI score0.00415EPSS
CVE
CVE
added 2014/05/26 1:0 a.m.53 views

CVE-2013-3981

The CVE-2013-3981 entry concerns IBM Sametime Meeting Server (versions 8.x up to 8.5.2.1 and 9.x up to 9.0.0.1). The vulnerability allows remote attackers to download avatar photos of arbitrary users via unspecified vectors. The available documents do not specify the underlying root cause, exploi...

5CVSS6.8AI score0.01667EPSS
CVE
CVE
added 2014/05/26 1:0 a.m.52 views

CVE-2014-0906

The CVE-2014-0906 issue affects IBM Sametime Meeting Server (versions 8.x up to 8.5.2.1 and 9.x up to 9.0.0.1). The vulnerability is that the server does not validate whether a session cookie is current, enabling remote attackers to perform user-search actions by using a cookie that is expired or...

4.3CVSS6.7AI score0.01373EPSS
CVE
CVE
added 2017/08/29 9:0 p.m.52 views

CVE-2016-2967

IBM Sametime 8.5.2 and 9.0 are described as vulnerable to cross-site scripting, enabling an attacker to inject arbitrary JavaScript into the away message and potentially cause credentials disclosure within a trusted session. The vulnerability is identified as CVE-2016-2967. Connected sources reit...

5.4CVSS5.2AI score0.0072EPSS
CVE
CVE
added 2017/08/29 9:0 p.m.52 views

CVE-2016-2978

The CVE-2016-2978 issue affects IBM Sametime 8.5.2 and 9.0. According to the linked sources, a local attacker could access potentially sensitive information that is stored in the browser cache on the affected systems. The root cause is information disclosure via cached browser data, allowing a lo...

3.3CVSS3.5AI score0.00319EPSS
CVE
CVE
added 2014/05/26 1:0 a.m.51 views

CVE-2013-3977

CVE-2013-3977 affects IBM Sametime Meeting Server (8.x–8.5.2.1 and 9.x–9.0.0.1). The issue lets remote attackers determine which meeting rooms are owned by a user by leveraging valid usernames. A connected Metasploit module (IBM Lotus Notes Sametime Room Name Bruteforce) demonstrates practical ex...

4.3CVSS6.6AI score0.09048EPSS
Web
CVE
CVE
added 2014/05/26 1:0 a.m.51 views

CVE-2013-3984

Technical details for CVE-2013-3984 are not publicly provided in the connected documents. The materials reference related issues (e.g., CVE-2014-3867) but do not disclose affected components, versions, or remediation for this CVE. Monitor for updates.

2.9CVSS6.5AI score0.00674EPSS
CVE
CVE
added 2017/08/29 6:0 p.m.51 views

CVE-2016-10503

IBM Sametime Meeting Server 8.5.2 and 9.0 are affected. An authenticated and invited user in a Sametime meeting could lower hands in an e-meeting, potentially spoofing vote results. The NVD entry lists CVSSv2/2.0 base score 4.0 (Medium) and CVSSv3/3.0 base score 4.3 (Medium); attack vector NETWOR...

4.3CVSS4.3AI score0.00676EPSS
CVE
CVE
added 2017/08/29 9:0 p.m.51 views

CVE-2016-2974

IBM Sametime Connect versions 8.5.2 and 9.0 contain an information disclosure vulnerability where, after uninstalling the Sametime Rich Client, potentially sensitive information about the Sametime environment and other local users could be exposed. The issue is described across multiple sources (...

3.3CVSS3.6AI score0.00339EPSS
CVE
CVE
added 2014/05/26 1:0 a.m.50 views

CVE-2013-3980

CVE-2013-3980 affects IBM Sametime Meeting Server (versions 8.x up to 8.5.2.1 and 9.x up to 9.0.0.1). The vulnerability allows remote attackers to cause a denial of service (room unusability) by having a large number of fictitious users enter a meeting room. The available documents do not provide...

5CVSS6.6AI score0.01731EPSS
CVE
CVE
added 2014/01/31 2:0 a.m.50 views

CVE-2013-6727

IBM Lotus Sametime Connect Client (Windows) is affected by CVE-2013-6727. The vulnerability arises because the Connect client does not properly restrict unsigned Java plugins, enabling a remote attacker to disclose confidential information via unspecified vectors. Affected versions are IBM Sameti...

5CVSS6.1AI score0.01681EPSS
CVE
CVE
added 2017/08/29 6:0 p.m.50 views

CVE-2016-2971

IBM Sametime Media Services 8.5.2 and 9.0 are affected by a vulnerability described in CVE-2016-2971 where sensitive information could be disclosed via stack trace error logs. This information disclosure weakness may inform future attacks. The vulnerability is documented across multiple sources (...

5.3CVSS4.9AI score0.01329EPSS
CVE
CVE
added 2014/02/13 10:0 p.m.49 views

CVE-2013-3983

The CVE-2013-3983 entry concerns IBM Sametime Meeting Server where the Meeting Server versions 8.5.2–8.5.2.1 and 9.x–9.0.0.1 do not validate URLs in Cookie headers before using them in redirects. This is the stated root cause. The impact is described as unspecified and the documents do not provid...

7.5CVSS6.6AI score0.01096EPSS
CVE
CVE
added 2014/02/13 10:0 p.m.49 views

CVE-2013-3988

Summary: The IBM Sametime Meeting Server is reported vulnerable to clickjacking for versions 8.5.2–8.5.2.1 and 9.x–9.0.0.1. The issue is described as a remote-clickjacking risk with vectors unspecified. The cited CVSS v2 base score is 6.8 (Network, Low attack complexity, no authentication; partia...

6.8CVSS6.7AI score0.0116EPSS
CVE
CVE
added 2013/12/17 11:0 a.m.49 views

CVE-2013-6733

CVE-2013-6733 describes a cross-site scripting (XSS) vulnerability in the Web Application of the IBM Sametime Classic Meeting Server, affecting versions 7.5.1.2 through 8.5.2.1. The root cause is an XSS flaw in the Web Application component, allowing remote attackers to inject arbitrary script or...

4.3CVSS5.7AI score0.01351EPSS
CVE
CVE
added 2014/02/13 10:0 p.m.49 views

CVE-2013-6743

The CVE-2013-6743 issue affects IBM Sametime Meeting Server, specifically version ranges 8.5.2–8.5.2.1 and 9.x–9.0.0.1. It is a Cross-site Scripting (XSS) vulnerability where remote authenticated users can inject arbitrary web script/HTML via IMG element vectors. The underlying root cause is not ...

3.5CVSS5.2AI score0.00936EPSS
CVE
CVE
added 2017/08/29 9:0 p.m.49 views

CVE-2016-2966

CVE-2016-2966 affects IBM Sametime 8.5.1 and 9.0, where an authenticated user could enumerate meeting rooms by guessing the meeting room ID. The connected sources confirm the impact as information disclosure via room-id guessing, affecting those Sametime versions. Root cause described as an enume...

4.3CVSS4.4AI score0.01234EPSS
CVE
CVE
added 2017/08/29 9:0 p.m.49 views

CVE-2016-2975

CVE-2016-2975 affects IBM Sametime 8.5.2 and 9.0. The issue is a cross-site scripting vulnerability in the Web UI that allows a remote attacker to inject arbitrary JavaScript, potentially altering functionality and leading to credentials disclosure within a trusted session. Connected records corr...

5.4CVSS5.2AI score0.0072EPSS
CVE
CVE
added 2013/04/28 1:0 a.m.48 views

CVE-2013-0553

CVE-2013-0553 affects IBM Sametime 8.5.1–8.5.2.1 (Sametime Connect, Advanced Connect, Advanced Web clients, and related products). The issue allows remote authenticated users to send commands to individual chat users or to all participants in a chat room via a crafted Sametime Instant Message. Th...

3.5CVSS6.4AI score0.00772EPSS
CVE
CVE
added 2017/08/28 8:0 p.m.48 views

CVE-2016-2970

The CVE-2016-2970 entry concerns IBM Sametime 8.5 and 9.0 Meetings Server, where error messages may disclose detailed information about the application. The underlying issue is information disclosure via verbose error output, which could aid an attacker in understanding the software. Impact detai...

4.3CVSS4.3AI score0.01093EPSS
CVE
CVE
added 2017/08/29 6:0 p.m.48 views

CVE-2016-2977

The CVE-2016-2977 issue affects IBM Sametime Meeting Server versions 8.5.2 and 9.0, where a malicious user could lower other users’ hands in meetings (e.g., affect voting/polling rights). Connected records corroborate exploitation of meeting controls to reduce others’ voting rights, with no expli...

4.3CVSS4.4AI score0.00939EPSS
CVE
CVE
added 2017/08/29 9:0 p.m.48 views

CVE-2016-2980

The vulnerability CVE-2016-2980 affects IBM Sametime WebPlayer versions 8.5.2 and 9.0, described as a script injection flaw arising from how the WebPlayer handles content. A remote attacker could exploit this via a malicious website to inject their own script. The connected documents corroborate ...

6.8CVSS6.2AI score0.01008EPSS
CVE
CVE
added 2014/02/13 10:0 p.m.46 views

CVE-2013-3978

The CVE concerns IBM Sametime Meeting Server versions 8.5.2.x and 9.x (up to 9.0.0.1). The issue is that the Meeting Server does not send proper HTTP cache-control headers, allowing an attacker with access to an unattended workstation to view cached sensitive information. The description does not...

5CVSS6.1AI score0.01173EPSS
CVE
CVE
added 2017/08/29 9:0 p.m.46 views

CVE-2016-2964

CVE-2016-2964 affects IBM Sametime versions 8.5.2 and 9.0. The vulnerability arises when an error message shown to a user is overly detailed and may reveal internal details about the application, leading to potential information disclosure. According to the linked sources, this impacts confidenti...

5.3CVSS5.1AI score0.01271EPSS
CVE
CVE
added 2017/08/29 6:0 p.m.45 views

CVE-2016-2979

CVE-2016-2979 : Multiple documents confirm a cross-site scripting vulnerability in IBM Sametime Meeting Server versions 8.5.2 and 9.0. The issue allows a user to embed arbitrary JavaScript into the Web UI, potentially altering functionality and enabling credentials disclosure within a trusted ses...

5.4CVSS5.2AI score0.00754EPSS
CVE
CVE
added 2014/02/13 10:0 p.m.44 views

CVE-2013-6742

The CVE-2013-6742 entry concerns IBM Sametime Meeting Server (versions 8.5.2–8.5.2.1 and 9.x–9.0.0.1). The issue is that the password field does not disable autocomplete, which could allow an attacker with access to an unattended workstation to obtain credentials. No exploitation details, specifi...

7.5CVSS6.7AI score0.01309EPSS
CVE
CVE
added 2014/05/26 1:0 a.m.44 views

CVE-2014-3014

CVE-2014-3014 is a cross-site scripting (XSS) vulnerability in the IBM Sametime Meeting Server. It affects IBM Sametime 8.x up to 8.5.2.1 and 9.x up to 9.0.0.1, allowing remote authenticated users to inject arbitrary web script or HTML via a crafted URL. The provided documents do not include expl...

3.5CVSS5.2AI score0.01402EPSS
CVE
CVE
added 2017/08/29 6:0 p.m.44 views

CVE-2016-0354

CVE-2016-0354 affects IBM Sametime Enterprise Meeting Server versions 8.5.2 and 9.0. An authenticated user could upload a malicious file to a Sametime meeting room, which could then be downloaded by other users and executed with user privileges. The public sources describe this as a file upload v...

6CVSS5.2AI score0.00769EPSS
CVE
CVE
added 2017/08/29 6:0 p.m.44 views

CVE-2016-2965

CVE-2016-2965 affects IBM Sametime Meeting Server versions 8.5.2 and 9.0. The issue is a cross-site request forgery (CSRF) caused by improper validation of user-supplied input. By convincing a user to visit a malicious link, an attacker could force the user to log out of Sametime. Multiple source...

6.5CVSS6.2AI score0.00796EPSS
CVE
CVE
added 2017/08/29 6:0 p.m.43 views

CVE-2016-0355

CVE-2016-0355 affects IBM Sametime Enterprise Meeting Server versions 8.5.2 and 9.0. An authenticated user who has been invited to a Sametime meeting room could stop screen sharing via a cross-site request forgery (CSRF) vulnerability. The description in the NVD entry confirms the impact is limit...

6.5CVSS6.1AI score0.00712EPSS
CVE
CVE
added 2017/08/29 6:0 p.m.43 views

CVE-2016-2959

IBM Sametime Meeting Server versions 8.5.2 and 9.0 are affected by CVE-2016-2959, allowing a meeting room manager to remove the primary manager privileges. The vulnerability is documented in NVD with a CVSSv2 base score of 4.0 (Network, Low attack complexity, Single authentication) and CVSSv3 bas...

4.3CVSS4.4AI score0.00939EPSS
CVE
CVE
added 2017/08/29 6:0 p.m.43 views

CVE-2016-2973

CVE-2016-2973 affects IBM Sametime Media Services 8.5.2 and 9.0. The vulnerability is a cross-site scripting flaw in the Web UI that lets an attacker embed arbitrary JavaScript, potentially altering functionality and leading to credentials disclosure within a trusted session. No exploit, root-cau...

5.4CVSS5.2AI score0.00754EPSS
CVE
CVE
added 2017/08/29 9:0 p.m.43 views

CVE-2016-2976

CVE-2016-2976 corresponds to an information-disclosure vulnerability in IBM Sametime Meeting Server versions 8.5.2 and 9.0. The CVE entry describes that a meeting invitee could obtain previously cleared sensitive information by viewing the meeting report history. Connected sources (CNVD-2017-2754...

4.3CVSS4.2AI score0.00951EPSS
CVE
CVE
added 2017/08/29 9:0 p.m.42 views

CVE-2016-0358

CVE-2016-0358 affects IBM Sametime 8.5.2 and 9.0. An unauthorized authenticated user could enumerate group chat ID numbers and join meetings to which they were not invited. The connected sources (NVD, CNVD, PRION, CVE lists) confirm the existence of this vulnerability and its impact but do not pr...

4.3CVSS4.3AI score0.00962EPSS
CVE
CVE
added 2017/08/29 6:0 p.m.41 views

CVE-2016-0356

CVE-2016-0356 affects IBM Sametime Enterprise Meeting Server (versions 8.5.2 and 9.0). The issue is a cross-site request forgery that allows an authenticated user, invited to a Sametime meeting room, to cause screen sharing to stop. Root cause: CSRF in the meeting server’s screen-sharing control....

6.5CVSS6.1AI score0.00712EPSS
CVE
CVE
added 2017/08/29 6:0 p.m.40 views

CVE-2016-2972

CVE-2016-2972 affects IBM Sametime Meeting Server 8.5.2 and 9.0, where credentials for Sametime Meetings could be stored in the local browser cache and accessed by a local user. The NVD entry lists a low CVSS v2 impact (AV:L, AC:L, C:P, I:N, A:N) and a higher CVSS v3 impact (CVSS:3.0: AV:L, AC:L,...

7.8CVSS7.1AI score0.00345EPSS
CVE
CVE
added 2017/08/29 6:0 p.m.39 views

CVE-2016-2969

CVE-2016-2969 affects IBM Sametime Meeting Server versions 8.5.2 and 9.0. The vulnerability allows replies that may contain email addresses of people who should not be in those messages, constituting information disclosure. The description notes a remote attacker could exploit this to send a repl...

4.3CVSS4.5AI score0.00995EPSS
CVE
CVE
added 2018/02/08 11:0 p.m.38 views

CVE-2012-3331

IBM Sametime is affected by an information-disclosure vulnerability where remote attackers can obtain sensitive data from the Sametime Log database by making a direct request to STLOG.NSF. The available references describe the issue as an information leak (X-Force ID 78048) but do not provide pro...

5.3CVSS4.9AI score0.01735EPSS