Vulnerabilities > IBM > Sametime > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-29 | CVE-2016-2967 | Cross-site Scripting vulnerability in IBM Sametime IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. | 3.5 |
| 2017-08-29 | CVE-2016-2974 | Information Exposure vulnerability in IBM Sametime IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Rich Client, could disclose potentially sensitive information related to the Sametime environment as well as other users on the local machine of the user. | 2.1 |
| 2017-08-29 | CVE-2016-2975 | Cross-site Scripting vulnerability in IBM Sametime IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. | 3.5 |
| 2017-08-29 | CVE-2016-2978 | Information Exposure vulnerability in IBM Sametime IBM Sametime 8.5.2 and 9.0 could store potentially sensitive information from the browser cache locally that could be available to a local user. | 2.1 |
| 2017-08-29 | CVE-2016-2972 | Credentials Management vulnerability in IBM Sametime IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. | 2.1 |
| 2017-08-29 | CVE-2016-2973 | Cross-site Scripting vulnerability in IBM Sametime IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. | 3.5 |
| 2017-08-29 | CVE-2016-2979 | Cross-site Scripting vulnerability in IBM Sametime IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. | 3.5 |
| 2014-07-26 | CVE-2014-4747 | Information Exposure vulnerability in IBM Sametime The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML source code within a victim's browser. | 2.1 |
| 2014-05-26 | CVE-2013-3984 | Information Exposure vulnerability in IBM Sametime The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 2.9 |
| 2014-05-26 | CVE-2014-3014 | Cross-Site Scripting vulnerability in IBM Sametime Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |