CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM » Sametime : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-10503 20 2017-08-29 2017-09-02
4.0
None Remote Low Single system None Partial None
IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated and invited user of Sametime meeting to lower any or all hands in an e-meeting, thus spoofing results of votes in the meeting. IBM X-Force ID: 113803.
2 CVE-2016-2980 74 2017-08-29 2017-09-02
6.8
None Remote Medium Not required Partial Partial Partial
The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. IBM X-Force ID: 113993.
3 CVE-2016-2979 79 XSS 2017-08-29 2017-09-06
3.5
None Remote Medium Single system None Partial None
IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113945.
4 CVE-2016-2978 200 +Info 2017-08-29 2017-09-02
2.1
None Local Low Not required Partial None None
IBM Sametime 8.5.2 and 9.0 could store potentially sensitive information from the browser cache locally that could be available to a local user. IBM X-Force ID: 113938.
5 CVE-2016-2977 20 2017-08-29 2017-09-06
4.0
None Remote Low Single system None Partial None
IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users hands in the meeting. IBM X-Force ID: 113937.
6 CVE-2016-2976 200 +Info 2017-08-29 2017-09-02
4.0
None Remote Low Single system Partial None None
IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. IBM X-Force ID: 113936.
7 CVE-2016-2975 79 XSS 2017-08-29 2017-09-02
3.5
None Remote Medium Single system None Partial None
IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113935.
8 CVE-2016-2974 200 +Info 2017-08-29 2017-09-01
2.1
None Local Low Not required Partial None None
IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Rich Client, could disclose potentially sensitive information related to the Sametime environment as well as other users on the local machine of the user. IBM X-Force ID: 113934.
9 CVE-2016-2973 79 XSS 2017-08-29 2017-09-06
3.5
None Remote Medium Single system None Partial None
IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113899.
10 CVE-2016-2972 255 2017-08-29 2017-09-06
2.1
None Local Low Not required Partial None None
IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. IBM X-Force ID: 113855.
11 CVE-2016-2971 200 +Info 2017-08-29 2017-09-06
5.0
None Remote Low Not required Partial None None
IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks. IBM X-Force ID: 113898.
12 CVE-2016-2970 200 +Info 2017-08-28 2017-09-04
4.0
None Remote Low Single system Partial None None
IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attackers. IBM X-Force ID: 113851.
13 CVE-2016-2969 200 +Info 2017-08-29 2017-09-06
4.0
None Remote Low Single system Partial None None
IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850.
14 CVE-2016-2967 79 XSS 2017-08-29 2017-09-02
3.5
None Remote Medium Single system None Partial None
IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Sametime away message altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113848.
15 CVE-2016-2966 200 +Info 2017-08-29 2017-09-02
4.0
None Remote Low Single system Partial None None
IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. IBM X-Force ID: 113847.
16 CVE-2016-2965 352 CSRF 2017-08-29 2017-09-06
4.3
None Remote Medium Not required None None Partial
IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846.
17 CVE-2016-2964 200 +Info 2017-08-29 2017-09-02
5.0
None Remote Low Not required Partial None None
IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error message to a user that is too detailed and may reveal details about the application. IBM X-Force ID: 113813.
18 CVE-2016-2959 264 2017-08-29 2017-09-06
4.0
None Remote Low Single system None Partial None
IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room manager to remove the primary managers privileges. IBM X-Force ID: 113804.
19 CVE-2016-0358 200 +Info 2017-08-29 2017-09-03
4.0
None Remote Low Single system Partial None None
IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. IBM X-Force ID: 111928.
20 CVE-2016-0356 352 CSRF 2017-08-29 2017-09-06
4.0
None Remote Low Single system None None Partial
IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111895.
21 CVE-2016-0355 352 CSRF 2017-08-29 2017-09-06
4.0
None Remote Low Single system None None Partial
IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894.
22 CVE-2016-0354 434 2017-08-29 2017-09-06
6.0
None Remote Medium Single system Partial Partial Partial
IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. IBM X-Force ID: 111893.
23 CVE-2014-4748 79 XSS 2014-07-26 2017-08-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
24 CVE-2014-4747 200 +Info 2014-07-26 2017-01-06
2.1
None Local Low Not required Partial None None
The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML source code within a victim's browser.
25 CVE-2014-3867 200 +Info 2014-05-26 2017-08-28
5.0
None Remote Low Not required Partial None None
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2013-3984.
26 CVE-2014-3014 79 XSS 2014-05-26 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
27 CVE-2014-0906 264 2014-05-26 2017-08-28
4.3
None Remote Medium Not required None Partial None
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a (1) expired or (2) invalidated cookie.
28 CVE-2014-0890 255 +Info 2014-03-06 2017-08-28
1.9
None Local Medium Not required Partial None None
The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive information by reading a log file.
29 CVE-2013-6743 79 XSS 2014-02-14 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IMG element.
30 CVE-2013-6742 264 2014-02-14 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
31 CVE-2013-6733 79 XSS 2013-12-17 2017-08-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
32 CVE-2013-6727 264 +Info 2014-01-31 2017-08-28
5.0
None Remote Low Not required Partial None None
The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 before HF1 does not properly restrict unsigned Java plugins, which allows remote attackers to obtain sensitive information via unspecified vectors.
33 CVE-2013-3988 20 2014-02-14 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
34 CVE-2013-3984 200 +Info 2014-05-26 2017-08-28
2.9
None Local Network Medium Not required Partial None None
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
35 CVE-2013-3983 20 2014-02-14 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors.
36 CVE-2013-3982 200 +Info 2014-05-26 2017-08-28
5.0
None Remote Low Not required Partial None None
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page.
37 CVE-2013-3981 264 2014-05-26 2017-08-28
5.0
None Remote Low Not required Partial None None
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors.
38 CVE-2013-3980 20 DoS 2014-05-26 2017-08-28
5.0
None Remote Low Not required None None Partial
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room unusability) by generating a large number of fictitious users to enter a meeting room.
39 CVE-2013-3978 264 +Info 2014-02-14 2017-08-28
5.0
None Remote Low Not required Partial None None
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.
40 CVE-2013-3977 287 2014-05-26 2017-08-28
4.3
None Remote Medium Not required Partial None None
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names.
41 CVE-2013-3975 2014-05-26 2017-08-28
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search.
42 CVE-2013-3046 287 +Info 2014-05-26 2017-08-28
4.3
None Local Network Medium Not required Partial Partial None
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests.
43 CVE-2013-0553 2013-04-27 2017-08-28
3.5
None Remote Medium Single system None Partial None
The client implementation in IBM Sametime 8.5.1 through 8.5.2.1, as used in Sametime Connect client, Sametime Advanced Connect client, Sametime Advanced Web client, and other products, allows remote authenticated users to send commands to individual chat users, or to all participants in a chat room, via a crafted Sametime Instant Message (IM).
44 CVE-2013-0534 255 +Info 2013-06-21 2017-08-28
1.9
None Local Medium Not required Partial None None
The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and 8.5.2.1, as used in the Lotus Notes client and separately, might allow local users to obtain sensitive information by leveraging the persistence of cleartext password strings within process memory.
45 CVE-2012-3308 79 XSS 2012-08-17 2017-08-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via an IM chat.
Total number of vulnerabilities : 45   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.