Vulnerabilities > IBM > Sametime > 8.5.1.0

DATE CVE VULNERABILITY TITLE RISK
2014-05-26 CVE-2013-3980 Improper Input Validation vulnerability in IBM Sametime
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room unusability) by generating a large number of fictitious users to enter a meeting room.
network
low complexity
ibm CWE-20
5.0
5.0
2014-05-26 CVE-2013-3977 Improper Authentication vulnerability in IBM Sametime
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names.
network
ibm CWE-287
4.3
4.3
2014-05-26 CVE-2013-3975 Information Disclosure vulnerability in IBM Sametime Meeting Server
Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search.
network
low complexity
ibm
5.0
5.0
2014-05-26 CVE-2013-3046 Improper Authentication vulnerability in IBM Sametime
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests. 		4.3
4.3
2014-03-06 CVE-2014-0890 Credentials Management vulnerability in IBM Sametime
The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive information by reading a log file.
local
ibm CWE-255
1.9
1.9
2013-12-17 CVE-2013-6733 Cross-Site Scripting vulnerability in IBM Sametime
Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
4.3
2012-08-17 CVE-2012-3308 Cross-Site Scripting vulnerability in IBM Sametime
Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via an IM chat.
network
ibm CWE-79
4.3
4.3