Page 3 of 19 results (0.009 seconds)

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a (1) expired or (2) invalidated cookie. Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 no comprueba si una cookie de sesión es actual, lo que permite a atacantes remotos realizar acciones de búsqueda de usuario mediante el aprovechamiento de una cookie (1) caducada o (2) invalidada. • http://www-01.ibm.com/support/docview.wss?uid=swg21671201 https://exchange.xforce.ibmcloud.com/vulnerabilities/91854 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0

Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search. Vulnerabilidad no especificada en Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 permite a atacantes remotos descubrir nombres, nombres completos y direcciones de e-mail de usuarios a través de una búsqueda. • http://www-01.ibm.com/support/docview.wss?uid=swg21671201 https://exchange.xforce.ibmcloud.com/vulnerabilities/84855 •

CVSS: 3.5EPSS: 0%CPEs: 12EXPL: 0

Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21671201 http://www.securityfocus.com/bid/67597 https://exchange.xforce.ibmcloud.com/vulnerabilities/93025 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.9EPSS: 0%CPEs: 11EXPL: 0

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 no configura la etiqueta de seguridad para una cookie no especificada en una sesión https, lo que facilita a atacantes remotos capturar esta cookie mediante la intercepción de su transmisión dentro de una sesión http. • http://www-01.ibm.com/support/docview.wss?uid=swg21671201 https://exchange.xforce.ibmcloud.com/vulnerabilities/84967 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room unusability) by generating a large number of fictitious users to enter a meeting room. Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 permite a atacantes remotos causar una denegación de servicio (inutilizabilidad de aula) mediante la generación de un número grande de usuarios ficticios apara entrar en una aula de reunión. • http://www-01.ibm.com/support/docview.wss?uid=swg21671201 https://exchange.xforce.ibmcloud.com/vulnerabilities/84906 • CWE-20: Improper Input Validation •