Vulnerabilities > IBM > Sametime > 9.0.0.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-05-26 | CVE-2013-3975 | Information Disclosure vulnerability in IBM Sametime Meeting Server Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search. | 5.0 |
2014-05-26 | CVE-2013-3046 | Improper Authentication vulnerability in IBM Sametime The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests. | 4.3 |
2014-03-06 | CVE-2014-0890 | Credentials Management vulnerability in IBM Sametime The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive information by reading a log file. | 1.9 |
2014-02-14 | CVE-2013-6743 | Cross-Site Scripting vulnerability in IBM Sametime Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IMG element. | 3.5 |
2014-02-14 | CVE-2013-6742 | Permissions, Privileges, and Access Controls vulnerability in IBM Sametime The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | 7.5 |
2014-02-14 | CVE-2013-3988 | Improper Input Validation vulnerability in IBM Sametime The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 6.8 |
2014-02-14 | CVE-2013-3983 | Improper Input Validation vulnerability in IBM Sametime The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors. | 7.5 |
2014-02-14 | CVE-2013-3978 | Permissions, Privileges, and Access Controls vulnerability in IBM Sametime The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation. | 5.0 |
2014-01-31 | CVE-2013-6727 | Permissions, Privileges, and Access Controls vulnerability in IBM Sametime 8.5.2.0/8.5.2.1/9.0.0.0 The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 before HF1 does not properly restrict unsigned Java plugins, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |