CVE-2012-3331
https://notcve.org/view.php?id=CVE-2012-3331
IBM Sametime allows remote attackers to obtain sensitive information from the Sametime Log database via a direct request to STLOG.NSF. IBM X-Force ID: 78048. IBM Sametime permite que atacantes remotos obtengan información sensible de la base de datos de Sametime Log mediante una petición directa a STLOG.NSF. IBM X-Force ID: 78048. • http://www-01.ibm.com/support/docview.wss?uid=swg21613895 https://exchange.xforce.ibmcloud.com/vulnerabilities/78048 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-4748 – IBM Sametime Meet Server 8.5 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-4748
Cross-site scripting (XSS) vulnerability in the Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en Classic Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. IBM Sametime Meet Server version 8.5 suffers from a reflective cross site scripting vulnerability. • http://linux.oracle.com/errata/ELSA-2014-0747.html http://packetstormsecurity.com/files/127831/IBM-Sametime-Meet-Server-8.5-Cross-Site-Scripting.html http://secunia.com/advisories/60202 http://www-01.ibm.com/support/docview.wss?uid=swg21679221 https://exchange.xforce.ibmcloud.com/vulnerabilities/94350 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-4747 – IBM Sametime Meet Server 8.5 Password Disclosure
https://notcve.org/view.php?id=CVE-2014-4747
The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML source code within a victim's browser. Classic Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 permite a atacantes físicamente próximos descubrir un hash de contraseña de una reunión mediante el aprovechamiento del acceso a una estación de trabajo desatendida para leer código de fuente HTML dentro del navegador de una victima. IBM Sametime Meet Server version 8.5 suffers from a password disclosure vulnerability. • http://linux.oracle.com/errata/ELSA-2014-0747.html http://packetstormsecurity.com/files/127830/IBM-Sametime-Meet-Server-8.5-Password-Disclosure.html http://www-01.ibm.com/support/docview.wss?uid=swg21679221 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-3867
https://notcve.org/view.php?id=CVE-2014-3867
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2013-3984. Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 no incluye la etiqueta HTTPOnly flag en una cabecera Set-Cookie para una cookie no especificada, lo que facilita a atacantes remotos obtener información potencialmente sensible a través de acceso script a esta cookie, una vulnerabilidad diferente a CVE-2013-3984. • http://www-01.ibm.com/support/docview.wss?uid=swg21671201 http://www.securityfocus.com/bid/67659 https://exchange.xforce.ibmcloud.com/vulnerabilities/84967 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-3977 – IBM Lotus Notes Sametime Room Name Bruteforce
https://notcve.org/view.php?id=CVE-2013-3977
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names. Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 permite a atacantes remotos determinar qué aulas de reuniones pertenecen a un usuario mediante el aprovechamiento de conocimiento de nombres de usuarios válidos. • http://www-01.ibm.com/support/docview.wss?uid=swg21671201 https://exchange.xforce.ibmcloud.com/vulnerabilities/84901 • CWE-287: Improper Authentication •