Vulnerabilities > IBM > Sametime > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-03-06 | CVE-2014-0890 | Credentials Management vulnerability in IBM Sametime The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive information by reading a log file. | 1.9 |
2014-02-14 | CVE-2013-6743 | Cross-Site Scripting vulnerability in IBM Sametime Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IMG element. | 3.5 |
2013-06-21 | CVE-2013-0534 | Credentials Management vulnerability in IBM Lotus Sametime and Sametime The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and 8.5.2.1, as used in the Lotus Notes client and separately, might allow local users to obtain sensitive information by leveraging the persistence of cleartext password strings within process memory. | 1.9 |
2013-04-28 | CVE-2013-0553 | Command Execution vulnerability in IBM Sametime Clients The client implementation in IBM Sametime 8.5.1 through 8.5.2.1, as used in Sametime Connect client, Sametime Advanced Connect client, Sametime Advanced Web client, and other products, allows remote authenticated users to send commands to individual chat users, or to all participants in a chat room, via a crafted Sametime Instant Message (IM). network ibm | 3.5 |