Vulnerabilities > IBM > Sametime > 9.0.0.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-29 | CVE-2016-0354 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Sametime IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. | 6.0 |
2017-08-29 | CVE-2016-2970 | Information Exposure vulnerability in IBM Sametime IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attackers. | 4.0 |
2014-05-26 | CVE-2014-3867 | Information Exposure vulnerability in IBM Sametime The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2013-3984. | 5.0 |
2014-05-26 | CVE-2014-3014 | Cross-Site Scripting vulnerability in IBM Sametime Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2014-05-26 | CVE-2013-3982 | Information Exposure vulnerability in IBM Sametime The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page. | 5.0 |
2014-05-26 | CVE-2013-3981 | Permissions, Privileges, and Access Controls vulnerability in IBM Sametime The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors. | 5.0 |
2014-05-26 | CVE-2013-3980 | Improper Input Validation vulnerability in IBM Sametime The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room unusability) by generating a large number of fictitious users to enter a meeting room. | 5.0 |
2014-05-26 | CVE-2013-3977 | Improper Authentication vulnerability in IBM Sametime The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names. | 4.3 |
2014-05-26 | CVE-2013-3975 | Information Disclosure vulnerability in IBM Sametime Meeting Server Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search. | 5.0 |
2014-05-26 | CVE-2013-3046 | Improper Authentication vulnerability in IBM Sametime The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests. | 4.3 |