Ibm Sametime
45 CVEs affecting Ibm Sametime. Latest disclosed: 2017-08-29. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-2972 | High | 7.8 | 2017-08-29 | IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by… |
CVE-2016-2965 | Medium | 6.5 | 2017-08-29 | IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a us… |
CVE-2016-0356 | Medium | 6.5 | 2017-08-29 | IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sh… |
CVE-2016-0355 | Medium | 6.5 | 2017-08-29 | IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sh… |
CVE-2016-2980 | Medium | 6.3 | 2017-08-29 | The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in th… |
CVE-2016-0354 | Medium | 5.5 | 2017-08-29 | IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be dow… |
CVE-2016-2975 | Medium | 5.4 | 2017-08-29 | IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alterin… |
CVE-2016-2967 | Medium | 5.4 | 2017-08-29 | IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Sametime away messa… |
CVE-2016-2979 | Medium | 5.4 | 2017-08-29 | IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web… |
CVE-2016-2973 | Medium | 5.4 | 2017-08-29 | IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web… |
CVE-2016-2964 | Medium | 5.3 | 2017-08-29 | IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error message to a user that is too detailed and may reveal details about the application. IBM… |
CVE-2016-2971 | Medium | 5.3 | 2017-08-29 | IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks. IBM X-Forc… |
CVE-2016-2976 | Medium | 4.3 | 2017-08-29 | IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report histor… |
CVE-2016-2966 | Medium | 4.3 | 2017-08-29 | IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. IBM X-Force ID: 113847. |
CVE-2016-0358 | Medium | 4.3 | 2017-08-29 | IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. IBM… |
CVE-2016-2977 | Medium | 4.3 | 2017-08-29 | IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users hands in the meeting. IBM X-Force ID: 113937. |
CVE-2016-2969 | Medium | 4.3 | 2017-08-29 | IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850. |
CVE-2016-2959 | Medium | 4.3 | 2017-08-29 | IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room manager to remove the primary managers privileges. IBM X-Force ID: 113804. |
CVE-2016-10503 | Medium | 4.3 | 2017-08-29 | IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated and invited user of Sametime meeting to lower any or all hands in an e-meeting, thus spo… |
CVE-2016-2970 | Medium | 4.3 | 2017-08-29 | IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attack… |