IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. IBM X-Force ID: 113855.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-08-29
Updated
2017-09-07
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
Max CVSS
7.5
EPSS Score
0.46%
Published
2014-02-14
Updated
2017-08-29
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors.
Max CVSS
7.5
EPSS Score
0.24%
Published
2014-02-14
Updated
2017-08-29
3 vulnerabilities found