46 matches found
CVE-2014-0890
IBM Sametime Connect (LAN/Enterprise) clients 8.5.1 to 9.0.0.1 are affected by an information-disclosure vulnerability (CVE-2014-0890). When a specific verbose logging level is enabled for Audio/Video chat, passwords are logged in plaintext or unencrypted in log files, allowing local users to obt...
CVE-2014-4747
IBM Sametime Classic Meeting Server 8.x up to 8.5.2.1 is affected by CVE-2014-4747, where a physically proximate attacker can read the HTML source in a victim’s browser to discover a meeting password hash. The vulnerability is described as a local issue arising from access to an unattended workst...
CVE-2013-0534
Affected software: IBM Sametime Connect Client (versions 8.5.1 to 8.5.2.x as described) used with Lotus Notes client. Issue: Information disclosure via persistence of cleartext password strings in process memory. Root cause (as described): password data stored in memory in cleartext, enabling loc...
CVE-2013-3975
IBM Sametime Meeting Server (IBM Lotus Notes Sametime) contains an information-disclosure vulnerability that lets remote attackers enumerate user identities (usernames, full names, and e-mail addresses) via a search on the web interface. Affected products/versions: IBM Sametime 8.x up to 8.5.2.1 ...
CVE-2014-3867
The CVE-2014-3867 entry concerns IBM Sametime Meeting Server versions 8.x up to 8.5.2.1 and 9.x up to 9.0.0.1 that do not set the HTTPOnly flag for an unspecified cookie in an HTTPS session. This omission can allow remote attackers to access potentially sensitive data via script access to the coo...
CVE-2013-3982
The CVE-2013-3982 entry concerns IBM Sametime Meeting Server information disclosure. Connected sources show concrete details: vulnerable components are the Meeting Server in IBM Lotus Sametime 8.x–8.5.2.1 and 9.x–9.0.0.1, where remote attackers can retrieve installation data and technical informa...
CVE-2014-4748
CVE-2014-4748 is an XSS vulnerability in the IBM Sametime Classic Meeting Server (8.x up to 8.5.2.1). The issue allows remote attackers to inject arbitrary web script or HTML via a crafted URL, enabling client-side script execution. The NVD entry reports a CVSSv2 base score of 4.3 (MEDIUM) with a...
CVE-2012-3308
IBM Sametime 8.0.2–8.5.2.1 is vulnerable to cross-site scripting (XSS) via an IM chat, per CVE-2012-3308. The connected documents confirm the affected version range and the basic impact (arbitrary script/HTML injection), but do not provide explicit root-cause details, affected component names, or...
CVE-2013-3046
The CVE-2013-3046 entry concerns IBM Sametime Meeting Server (versions 8.x up to 8.5.2.1 and 9.x up to 9.0.0.1) failing to send the HSTS Strict-Transport-Security header. The root cause is the absence of HSTS protection, which could allow MITM attackers to hijack sessions or obtain sensitive data...
CVE-2013-3981
The CVE-2013-3981 entry concerns IBM Sametime Meeting Server (versions 8.x up to 8.5.2.1 and 9.x up to 9.0.0.1). The vulnerability allows remote attackers to download avatar photos of arbitrary users via unspecified vectors. The available documents do not specify the underlying root cause, exploi...
CVE-2014-0906
The CVE-2014-0906 issue affects IBM Sametime Meeting Server (versions 8.x up to 8.5.2.1 and 9.x up to 9.0.0.1). The vulnerability is that the server does not validate whether a session cookie is current, enabling remote attackers to perform user-search actions by using a cookie that is expired or...
CVE-2016-2967
IBM Sametime 8.5.2 and 9.0 are described as vulnerable to cross-site scripting, enabling an attacker to inject arbitrary JavaScript into the away message and potentially cause credentials disclosure within a trusted session. The vulnerability is identified as CVE-2016-2967. Connected sources reit...
CVE-2016-2978
The CVE-2016-2978 issue affects IBM Sametime 8.5.2 and 9.0. According to the linked sources, a local attacker could access potentially sensitive information that is stored in the browser cache on the affected systems. The root cause is information disclosure via cached browser data, allowing a lo...
CVE-2013-3977
CVE-2013-3977 affects IBM Sametime Meeting Server (8.x–8.5.2.1 and 9.x–9.0.0.1). The issue lets remote attackers determine which meeting rooms are owned by a user by leveraging valid usernames. A connected Metasploit module (IBM Lotus Notes Sametime Room Name Bruteforce) demonstrates practical ex...
CVE-2013-3984
Technical details for CVE-2013-3984 are not publicly provided in the connected documents. The materials reference related issues (e.g., CVE-2014-3867) but do not disclose affected components, versions, or remediation for this CVE. Monitor for updates.
CVE-2016-10503
IBM Sametime Meeting Server 8.5.2 and 9.0 are affected. An authenticated and invited user in a Sametime meeting could lower hands in an e-meeting, potentially spoofing vote results. The NVD entry lists CVSSv2/2.0 base score 4.0 (Medium) and CVSSv3/3.0 base score 4.3 (Medium); attack vector NETWOR...
CVE-2016-2974
IBM Sametime Connect versions 8.5.2 and 9.0 contain an information disclosure vulnerability where, after uninstalling the Sametime Rich Client, potentially sensitive information about the Sametime environment and other local users could be exposed. The issue is described across multiple sources (...
CVE-2013-3980
CVE-2013-3980 affects IBM Sametime Meeting Server (versions 8.x up to 8.5.2.1 and 9.x up to 9.0.0.1). The vulnerability allows remote attackers to cause a denial of service (room unusability) by having a large number of fictitious users enter a meeting room. The available documents do not provide...
CVE-2013-3988
Summary: The IBM Sametime Meeting Server is reported vulnerable to clickjacking for versions 8.5.2–8.5.2.1 and 9.x–9.0.0.1. The issue is described as a remote-clickjacking risk with vectors unspecified. The cited CVSS v2 base score is 6.8 (Network, Low attack complexity, no authentication; partia...
CVE-2013-6727
IBM Lotus Sametime Connect Client (Windows) is affected by CVE-2013-6727. The vulnerability arises because the Connect client does not properly restrict unsigned Java plugins, enabling a remote attacker to disclose confidential information via unspecified vectors. Affected versions are IBM Sameti...
CVE-2016-2971
IBM Sametime Media Services 8.5.2 and 9.0 are affected by a vulnerability described in CVE-2016-2971 where sensitive information could be disclosed via stack trace error logs. This information disclosure weakness may inform future attacks. The vulnerability is documented across multiple sources (...
CVE-2016-2977
The CVE-2016-2977 issue affects IBM Sametime Meeting Server versions 8.5.2 and 9.0, where a malicious user could lower other users’ hands in meetings (e.g., affect voting/polling rights). Connected records corroborate exploitation of meeting controls to reduce others’ voting rights, with no expli...
CVE-2013-3983
The CVE-2013-3983 entry concerns IBM Sametime Meeting Server where the Meeting Server versions 8.5.2–8.5.2.1 and 9.x–9.0.0.1 do not validate URLs in Cookie headers before using them in redirects. This is the stated root cause. The impact is described as unspecified and the documents do not provid...
CVE-2013-6733
CVE-2013-6733 describes a cross-site scripting (XSS) vulnerability in the Web Application of the IBM Sametime Classic Meeting Server, affecting versions 7.5.1.2 through 8.5.2.1. The root cause is an XSS flaw in the Web Application component, allowing remote attackers to inject arbitrary script or...
CVE-2013-6743
The CVE-2013-6743 issue affects IBM Sametime Meeting Server, specifically version ranges 8.5.2–8.5.2.1 and 9.x–9.0.0.1. It is a Cross-site Scripting (XSS) vulnerability where remote authenticated users can inject arbitrary web script/HTML via IMG element vectors. The underlying root cause is not ...
CVE-2016-2966
CVE-2016-2966 affects IBM Sametime 8.5.1 and 9.0, where an authenticated user could enumerate meeting rooms by guessing the meeting room ID. The connected sources confirm the impact as information disclosure via room-id guessing, affecting those Sametime versions. Root cause described as an enume...
CVE-2016-2975
CVE-2016-2975 affects IBM Sametime 8.5.2 and 9.0. The issue is a cross-site scripting vulnerability in the Web UI that allows a remote attacker to inject arbitrary JavaScript, potentially altering functionality and leading to credentials disclosure within a trusted session. Connected records corr...
CVE-2013-0553
CVE-2013-0553 affects IBM Sametime 8.5.1–8.5.2.1 (Sametime Connect, Advanced Connect, Advanced Web clients, and related products). The issue allows remote authenticated users to send commands to individual chat users or to all participants in a chat room via a crafted Sametime Instant Message. Th...
CVE-2016-2970
The CVE-2016-2970 entry concerns IBM Sametime 8.5 and 9.0 Meetings Server, where error messages may disclose detailed information about the application. The underlying issue is information disclosure via verbose error output, which could aid an attacker in understanding the software. Impact detai...
CVE-2016-2980
The vulnerability CVE-2016-2980 affects IBM Sametime WebPlayer versions 8.5.2 and 9.0, described as a script injection flaw arising from how the WebPlayer handles content. A remote attacker could exploit this via a malicious website to inject their own script. The connected documents corroborate ...
CVE-2013-3978
The CVE concerns IBM Sametime Meeting Server versions 8.5.2.x and 9.x (up to 9.0.0.1). The issue is that the Meeting Server does not send proper HTTP cache-control headers, allowing an attacker with access to an unattended workstation to view cached sensitive information. The description does not...
CVE-2016-2964
CVE-2016-2964 affects IBM Sametime versions 8.5.2 and 9.0. The vulnerability arises when an error message shown to a user is overly detailed and may reveal internal details about the application, leading to potential information disclosure. According to the linked sources, this impacts confidenti...
CVE-2013-6742
The CVE-2013-6742 entry concerns IBM Sametime Meeting Server (versions 8.5.2–8.5.2.1 and 9.x–9.0.0.1). The issue is that the password field does not disable autocomplete, which could allow an attacker with access to an unattended workstation to obtain credentials. No exploitation details, specifi...
CVE-2016-2979
CVE-2016-2979 : Multiple documents confirm a cross-site scripting vulnerability in IBM Sametime Meeting Server versions 8.5.2 and 9.0. The issue allows a user to embed arbitrary JavaScript into the Web UI, potentially altering functionality and enabling credentials disclosure within a trusted ses...
CVE-2014-3014
CVE-2014-3014 is a cross-site scripting (XSS) vulnerability in the IBM Sametime Meeting Server. It affects IBM Sametime 8.x up to 8.5.2.1 and 9.x up to 9.0.0.1, allowing remote authenticated users to inject arbitrary web script or HTML via a crafted URL. The provided documents do not include expl...
CVE-2016-0354
CVE-2016-0354 affects IBM Sametime Enterprise Meeting Server versions 8.5.2 and 9.0. An authenticated user could upload a malicious file to a Sametime meeting room, which could then be downloaded by other users and executed with user privileges. The public sources describe this as a file upload v...
CVE-2016-2965
CVE-2016-2965 affects IBM Sametime Meeting Server versions 8.5.2 and 9.0. The issue is a cross-site request forgery (CSRF) caused by improper validation of user-supplied input. By convincing a user to visit a malicious link, an attacker could force the user to log out of Sametime. Multiple source...
CVE-2016-0355
CVE-2016-0355 affects IBM Sametime Enterprise Meeting Server versions 8.5.2 and 9.0. An authenticated user who has been invited to a Sametime meeting room could stop screen sharing via a cross-site request forgery (CSRF) vulnerability. The description in the NVD entry confirms the impact is limit...
CVE-2016-2959
IBM Sametime Meeting Server versions 8.5.2 and 9.0 are affected by CVE-2016-2959, allowing a meeting room manager to remove the primary manager privileges. The vulnerability is documented in NVD with a CVSSv2 base score of 4.0 (Network, Low attack complexity, Single authentication) and CVSSv3 bas...
CVE-2016-2973
CVE-2016-2973 affects IBM Sametime Media Services 8.5.2 and 9.0. The vulnerability is a cross-site scripting flaw in the Web UI that lets an attacker embed arbitrary JavaScript, potentially altering functionality and leading to credentials disclosure within a trusted session. No exploit, root-cau...
CVE-2016-2976
CVE-2016-2976 corresponds to an information-disclosure vulnerability in IBM Sametime Meeting Server versions 8.5.2 and 9.0. The CVE entry describes that a meeting invitee could obtain previously cleared sensitive information by viewing the meeting report history. Connected sources (CNVD-2017-2754...
CVE-2016-0358
CVE-2016-0358 affects IBM Sametime 8.5.2 and 9.0. An unauthorized authenticated user could enumerate group chat ID numbers and join meetings to which they were not invited. The connected sources (NVD, CNVD, PRION, CVE lists) confirm the existence of this vulnerability and its impact but do not pr...
CVE-2016-0356
CVE-2016-0356 affects IBM Sametime Enterprise Meeting Server (versions 8.5.2 and 9.0). The issue is a cross-site request forgery that allows an authenticated user, invited to a Sametime meeting room, to cause screen sharing to stop. Root cause: CSRF in the meeting server’s screen-sharing control....
CVE-2016-2972
CVE-2016-2972 affects IBM Sametime Meeting Server 8.5.2 and 9.0, where credentials for Sametime Meetings could be stored in the local browser cache and accessed by a local user. The NVD entry lists a low CVSS v2 impact (AV:L, AC:L, C:P, I:N, A:N) and a higher CVSS v3 impact (CVSS:3.0: AV:L, AC:L,...
CVE-2016-2969
CVE-2016-2969 affects IBM Sametime Meeting Server versions 8.5.2 and 9.0. The vulnerability allows replies that may contain email addresses of people who should not be in those messages, constituting information disclosure. The description notes a remote attacker could exploit this to send a repl...
CVE-2012-3331
IBM Sametime is affected by an information-disclosure vulnerability where remote attackers can obtain sensitive data from the Sametime Log database by making a direct request to STLOG.NSF. The available references describe the issue as an information leak (X-Force ID 78048) but do not provide pro...