CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2013-3988
https://notcve.org/view.php?id=CVE-2013-3988
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Meeting Server en IBM Sametime 8.5.2 hasta 8.5.2.1 y 9.x hasta 9.0.0.1 permite a atacantes remotos realizar ataques de clickjacking a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21662928 https://exchange.xforce.ibmcloud.com/vulnerabilities/84973 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-6742
https://notcve.org/view.php?id=CVE-2013-6742
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. Meeting Server en IBM Sametime 8.5.2 hasta 8.5.2.1 y 9.x hasta 9.0.0.1 no tienen un atributo de no autocompletar un campo de contraseña, lo que facilita a atacantes remotos obtener acceso mediante el aprovechamiento de una estación de trabajo no atendida. • http://www-01.ibm.com/support/docview.wss?uid=swg21662928 https://exchange.xforce.ibmcloud.com/vulnerabilities/89858 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-3983
https://notcve.org/view.php?id=CVE-2013-3983
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors. Meeting Server en IBM Sametime 8.5.2 hasta 8.5.2.1 y 9.x hasta 9.0.0.1 no valida URLs en cebeceras de Cookies antes de su utilización en redirecciones, lo que tiene un impacto no especificado y vectores de ataques remotos. • http://www-01.ibm.com/support/docview.wss?uid=swg21662928 https://exchange.xforce.ibmcloud.com/vulnerabilities/84966 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2013-3978
https://notcve.org/view.php?id=CVE-2013-3978
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation. Meeting Server en IBM Sametime 8.5.2 hasta 8.5.2.1 y 9.x hasta 9.0.0.1 no envía las debidas cabeceras de respuesta HTTP para prevenir el cacheo no deseado por un navegador, lo que permite a atacantes remotos obtener información sensible mediante el aprovechamiento de una estación de trabajo no atendida. • http://www-01.ibm.com/support/docview.wss?uid=swg21662928 https://exchange.xforce.ibmcloud.com/vulnerabilities/84902 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6727
https://notcve.org/view.php?id=CVE-2013-6727
The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 before HF1 does not properly restrict unsigned Java plugins, which allows remote attackers to obtain sensitive information via unspecified vectors. El cliente Connect en IBM Sametime 8.5.2 hasta la versión 8.5.2.1 y 9.0 anterior a HF1 no restringe adecuadamente los plugins de Java sin firmar, lo que permite a atacantes remotos obtener información sensible a través de vectores sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg21662725 https://exchange.xforce.ibmcloud.com/vulnerabilities/89282 • CWE-264: Permissions, Privileges, and Access Controls •