Sametime Security Vulnerabilities and Issues — Sametime CVE List

Lucene search

IbmSametime

5 matches found

CVE•added 2014/02/14 1:10 p.m.•40 views

CVE-2013-3988

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

6.8CVSS6.7AI score0.00519EPSS

CVE•added 2014/02/14 1:10 p.m.•39 views

CVE-2013-3983

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors.

7.5CVSS6.6AI score0.0035EPSS

CVE•added 2014/02/14 1:10 p.m.•37 views

CVE-2013-6743

Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IMG element.

3.5CVSS5.2AI score0.00188EPSS

CVE•added 2014/02/14 1:10 p.m.•36 views

CVE-2013-3978

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.

5CVSS6.1AI score0.00207EPSS

CVE•added 2014/02/14 1:10 p.m.•34 views

CVE-2013-6742

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

7.5CVSS6.7AI score0.00555EPSS