CVE-2013-3046
https://notcve.org/view.php?id=CVE-2013-3046
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests. Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 no envía la cabecera HSTS Strict-Transport-Security, lo que facilita a atacantes man-in-the-middle secuestrar sesiones u obtener información sensible mediante el aprovechamiento de la presencia de solicitudes HTTP. • http://www-01.ibm.com/support/docview.wss?uid=swg21671201 https://exchange.xforce.ibmcloud.com/vulnerabilities/84819 • CWE-287: Improper Authentication •
CVE-2013-3982 – IBM Lotus Sametime Version Enumeration
https://notcve.org/view.php?id=CVE-2013-3982
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page. Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 permite a atacantes remotos obtener información de instalación y datos técnicos no especificados a través de una solicitud hacia una página pública. • http://www-01.ibm.com/support/docview.wss?uid=swg21671201 https://exchange.xforce.ibmcloud.com/vulnerabilities/84908 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-3981
https://notcve.org/view.php?id=CVE-2013-3981
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors. Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 permite a atacantes remotos descargar fotografías avatar de usuarios arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21671201 https://exchange.xforce.ibmcloud.com/vulnerabilities/84907 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-6733
https://notcve.org/view.php?id=CVE-2013-6733
Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en la Web Application en el Classic Meeting Server de IBM Sametime Classic en 7.5.1.2 hasta la 8.5.2.1 que permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21659419 https://exchange.xforce.ibmcloud.com/vulnerabilities/89396 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •