Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:ibm:sametime:8.0.2.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-3331 |
IBM Sametime allows remote attackers to obtain sensitive information from the Sametime Log database via a direct request to STLOG.NSF. IBM X-Force ID: 78048. Published: February 08, 2018; 6:29:00 PM -0500 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2014-4748 |
Cross-site scripting (XSS) vulnerability in the Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Published: July 26, 2014; 11:55:03 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-4747 |
The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML source code within a victim's browser. Published: July 26, 2014; 11:55:03 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2014-3867 |
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2013-3984. Published: May 26, 2014; 7:14:51 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-3014 |
Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Published: May 26, 2014; 12:29:16 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-0906 |
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a (1) expired or (2) invalidated cookie. Published: May 26, 2014; 12:29:16 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-3984 |
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. Published: May 26, 2014; 12:29:16 AM -0400 |
V3.x:(not available) V2.0: 2.9 LOW |
CVE-2013-3982 |
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page. Published: May 26, 2014; 12:29:16 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-3981 |
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors. Published: May 26, 2014; 12:29:15 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-3980 |
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room unusability) by generating a large number of fictitious users to enter a meeting room. Published: May 26, 2014; 12:29:15 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-3977 |
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names. Published: May 26, 2014; 12:29:15 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-3975 |
Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search. Published: May 26, 2014; 12:29:15 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-3046 |
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests. Published: May 26, 2014; 12:29:15 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-6733 |
Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: December 17, 2013; 10:21:28 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-3308 |
Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via an IM chat. Published: August 17, 2012; 6:31:52 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |