CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2013-3981
https://notcve.org/view.php?id=CVE-2013-3981
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors. Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 permite a atacantes remotos descargar fotografías avatar de usuarios arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21671201 https://exchange.xforce.ibmcloud.com/vulnerabilities/84907 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 1.9EPSS: 0%CPEs: 7EXPL: 0CVE-2014-0890
https://notcve.org/view.php?id=CVE-2014-0890
The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive information by reading a log file. El cliente Connect en IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0 y 9.0.0.1, cuando cierta configuración com.ibm.collaboration.realtime.telephony.*.level está habilitada, registra contraseñas en texto plano durante sesiones de chat de Audio/Vídeo, lo que permite a usuarios locales obtener información sensible mediante la lectura de un archivo de registro. • http://www-01.ibm.com/support/docview.wss?uid=swg21665658 https://exchange.xforce.ibmcloud.com/vulnerabilities/91282 • CWE-255: Credentials Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-6742
https://notcve.org/view.php?id=CVE-2013-6742
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. Meeting Server en IBM Sametime 8.5.2 hasta 8.5.2.1 y 9.x hasta 9.0.0.1 no tienen un atributo de no autocompletar un campo de contraseña, lo que facilita a atacantes remotos obtener acceso mediante el aprovechamiento de una estación de trabajo no atendida. • http://www-01.ibm.com/support/docview.wss?uid=swg21662928 https://exchange.xforce.ibmcloud.com/vulnerabilities/89858 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2013-3988
https://notcve.org/view.php?id=CVE-2013-3988
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Meeting Server en IBM Sametime 8.5.2 hasta 8.5.2.1 y 9.x hasta 9.0.0.1 permite a atacantes remotos realizar ataques de clickjacking a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21662928 https://exchange.xforce.ibmcloud.com/vulnerabilities/84973 • CWE-20: Improper Input Validation •
CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-6743
https://notcve.org/view.php?id=CVE-2013-6743
Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IMG element. Vulnerabilidad de XSS en Meeting Server en IBM Sametime 8.5.2 hasta 8.5.2.1 y 9.x hasta 9.0.0.1 permite a usuarios auntenticados remotos inyectar script Web o HTML arbitrarios a través de vectores que involucran un elemento IMG. • http://osvdb.org/103131 http://www-01.ibm.com/support/docview.wss?uid=swg21662928 https://exchange.xforce.ibmcloud.com/vulnerabilities/89859 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •