Sametime Security Vulnerabilities and Issues — Sametime CVE List

Lucene search

IbmSametime

14 matches found

CVE•added 2014/07/26 3:55 p.m.•43 views

CVE-2014-4748

Cross-site scripting (XSS) vulnerability in the Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3CVSS5.6AI score0.00265EPSS

CVE•added 2012/08/17 10:31 a.m.•42 views

CVE-2012-3308

Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via an IM chat.

4.3CVSS5.7AI score0.0023EPSS

CVE•added 2014/05/26 4:29 a.m.•41 views

CVE-2014-0906

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a (1) expired or (2) invalidated cookie.

4.3CVSS6.7AI score0.00218EPSS

CVE•added 2014/05/26 4:29 a.m.•40 views

CVE-2013-3977

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names.

4.3CVSS6.6AI score0.29135EPSS

CVE•added 2014/05/26 4:29 a.m.•39 views

CVE-2013-3046

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests.

4.3CVSS6AI score0.00061EPSS

CVE•added 2013/12/17 3:21 p.m.•38 views

CVE-2013-6733

Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.00236EPSS

CVE•added 2017/08/29 6:29 p.m.•38 views

CVE-2016-2977

IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users hands in the meeting. IBM X-Force ID: 113937.

4.3CVSS4.4AI score0.00242EPSS

CVE•added 2017/08/29 6:29 p.m.•37 views

CVE-2016-10503

IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated and invited user of Sametime meeting to lower any or all hands in an e-meeting, thus spoofing results of votes in the meeting. IBM X-Force ID: 113803.

4.3CVSS4.3AI score0.00165EPSS

CVE•added 2017/08/29 9:29 p.m.•37 views

CVE-2016-2966

IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. IBM X-Force ID: 113847.

4.3CVSS4.4AI score0.00212EPSS

CVE•added 2017/08/29 1:35 a.m.•36 views

CVE-2016-2970

IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attackers. IBM X-Force ID: 113851.

4.3CVSS4.3AI score0.00264EPSS

CVE•added 2017/08/29 6:29 p.m.•32 views

CVE-2016-2959

IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room manager to remove the primary managers privileges. IBM X-Force ID: 113804.

4.3CVSS4.4AI score0.00242EPSS

CVE•added 2017/08/29 9:29 p.m.•31 views

CVE-2016-0358

IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. IBM X-Force ID: 111928.

4.3CVSS4.3AI score0.00212EPSS

CVE•added 2017/08/29 9:29 p.m.•29 views

CVE-2016-2976

IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. IBM X-Force ID: 113936.

4.3CVSS4.2AI score0.00212EPSS

CVE•added 2017/08/29 6:29 p.m.•28 views

CVE-2016-2969

IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850.

4.3CVSS4.5AI score0.00235EPSS