Vulnerabilities > IBM > Sametime > 9.0.0.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-03-06 | CVE-2014-0890 | Credentials Management vulnerability in IBM Sametime The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive information by reading a log file. | 1.9 |
2014-02-14 | CVE-2013-6743 | Cross-Site Scripting vulnerability in IBM Sametime Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IMG element. | 3.5 |
2014-02-14 | CVE-2013-6742 | Permissions, Privileges, and Access Controls vulnerability in IBM Sametime The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | 7.5 |
2014-02-14 | CVE-2013-3988 | Improper Input Validation vulnerability in IBM Sametime The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 6.8 |
2014-02-14 | CVE-2013-3983 | Improper Input Validation vulnerability in IBM Sametime The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors. | 7.5 |
2014-02-14 | CVE-2013-3978 | Permissions, Privileges, and Access Controls vulnerability in IBM Sametime The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation. | 5.0 |