Vulnerabilities > IBM > Sametime > 8.5.2.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-02-14 | CVE-2013-3978 | Permissions, Privileges, and Access Controls vulnerability in IBM Sametime The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation. | 5.0 |
2014-01-31 | CVE-2013-6727 | Permissions, Privileges, and Access Controls vulnerability in IBM Sametime 8.5.2.0/8.5.2.1/9.0.0.0 The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 before HF1 does not properly restrict unsigned Java plugins, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2013-12-17 | CVE-2013-6733 | Cross-Site Scripting vulnerability in IBM Sametime Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-04-28 | CVE-2013-0553 | Command Execution vulnerability in IBM Sametime Clients The client implementation in IBM Sametime 8.5.1 through 8.5.2.1, as used in Sametime Connect client, Sametime Advanced Connect client, Sametime Advanced Web client, and other products, allows remote authenticated users to send commands to individual chat users, or to all participants in a chat room, via a crafted Sametime Instant Message (IM). network ibm | 3.5 |
2012-08-17 | CVE-2012-3308 | Cross-Site Scripting vulnerability in IBM Sametime Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via an IM chat. | 4.3 |