Vulnerabilities > IBM > Sametime > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-08-29 CVE-2016-2973 Cross-site Scripting vulnerability in IBM Sametime
IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-08-29 CVE-2016-2971 Information Exposure vulnerability in IBM Sametime
IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks.
network
low complexity
ibm CWE-200
5.3
2017-08-29 CVE-2016-2969 Information Exposure vulnerability in IBM Sametime
IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages.
network
low complexity
ibm CWE-200
4.3
2017-08-29 CVE-2016-2965 Cross-Site Request Forgery (CSRF) vulnerability in IBM Sametime
IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input.
network
low complexity
ibm CWE-352
6.5
2017-08-29 CVE-2016-2959 Permissions, Privileges, and Access Controls vulnerability in IBM Sametime
IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room manager to remove the primary managers privileges.
network
low complexity
ibm CWE-264
4.3
2017-08-29 CVE-2016-10503 Improper Input Validation vulnerability in IBM Sametime
IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated and invited user of Sametime meeting to lower any or all hands in an e-meeting, thus spoofing results of votes in the meeting.
network
low complexity
ibm CWE-20
4.3
2017-08-29 CVE-2016-0356 Cross-Site Request Forgery (CSRF) vulnerability in IBM Sametime
IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery.
network
low complexity
ibm CWE-352
6.5
2017-08-29 CVE-2016-0355 Cross-Site Request Forgery (CSRF) vulnerability in IBM Sametime
IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery.
network
low complexity
ibm CWE-352
6.5
2017-08-29 CVE-2016-0354 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Sametime
IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges.
network
low complexity
ibm CWE-434
5.5
2017-08-29 CVE-2016-2970 Information Exposure vulnerability in IBM Sametime
IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attackers.
network
low complexity
ibm CWE-200
4.3