CVSS: 5.3EPSS: 0%CPEs: 15EXPL: 0CVE-2012-3331
https://notcve.org/view.php?id=CVE-2012-3331
IBM Sametime allows remote attackers to obtain sensitive information from the Sametime Log database via a direct request to STLOG.NSF. IBM X-Force ID: 78048. IBM Sametime permite que atacantes remotos obtengan información sensible de la base de datos de Sametime Log mediante una petición directa a STLOG.NSF. IBM X-Force ID: 78048. • http://www-01.ibm.com/support/docview.wss?uid=swg21613895 https://exchange.xforce.ibmcloud.com/vulnerabilities/78048 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2016-2966
https://notcve.org/view.php?id=CVE-2016-2966
IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. IBM X-Force ID: 113847. IBM Sametime 8.5.2 y 9.0 podría permitir que un usuario autenticado enumere las salas de reuniones al descubrir sus ID de sala de reuniones. IBM X-Force ID: 113847. • http://www.ibm.com/support/docview.wss?uid=swg22006441 http://www.securityfocus.com/bid/100572 https://exchange.xforce.ibmcloud.com/vulnerabilities/113847 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4748 – IBM Sametime Meet Server 8.5 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-4748
Cross-site scripting (XSS) vulnerability in the Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en Classic Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. IBM Sametime Meet Server version 8.5 suffers from a reflective cross site scripting vulnerability. • http://linux.oracle.com/errata/ELSA-2014-0747.html http://packetstormsecurity.com/files/127831/IBM-Sametime-Meet-Server-8.5-Cross-Site-Scripting.html http://secunia.com/advisories/60202 http://www-01.ibm.com/support/docview.wss?uid=swg21679221 https://exchange.xforce.ibmcloud.com/vulnerabilities/94350 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4747 – IBM Sametime Meet Server 8.5 Password Disclosure
https://notcve.org/view.php?id=CVE-2014-4747
The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML source code within a victim's browser. Classic Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 permite a atacantes físicamente próximos descubrir un hash de contraseña de una reunión mediante el aprovechamiento del acceso a una estación de trabajo desatendida para leer código de fuente HTML dentro del navegador de una victima. IBM Sametime Meet Server version 8.5 suffers from a password disclosure vulnerability. • http://linux.oracle.com/errata/ELSA-2014-0747.html http://packetstormsecurity.com/files/127830/IBM-Sametime-Meet-Server-8.5-Password-Disclosure.html http://www-01.ibm.com/support/docview.wss?uid=swg21679221 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3088 – IBM Sametime Meet Server 8.5 Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2014-3088
stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client to validate the file format used in wAttach?OpenForm multipart/form-data POST requests, which allows remote authenticated users to bypass intended upload restrictions by modifying the Content-Type header and file extension, as demonstrated by replacing a text/plain .txt upload with an application/octet-stream .exe upload. stconf.nsf en IBM Sametime Meeting Server 8.5.1 depende del cliente para validar el formato de fichero utilizado en solicitudes wAttach?OpenForm multipart/form-data POST, lo que permite a usuarios remotos autenticados evadir restricciones de subida mediante la modificación la cabera de tipo de contenido y extensión de fichero, tal y como fue demostrado mediante la sustitución de una subida text/plain .txt por una subida application/octet-stream .exe. IBM Sametime Meet Server version 8.8 suffers from a remote arbitrary file upload vulnerability. • http://linux.oracle.com/errata/ELSA-2014-0747.html http://packetstormsecurity.com/files/127294 http://packetstormsecurity.com/files/127829/IBM-Sametime-Meet-Server-8.5-Arbitrary-File-Upload.html http://www.securityfocus.com/bid/68291 • CWE-264: Permissions, Privileges, and Access Controls •