CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2013-3982 – IBM Lotus Sametime Version Enumeration
https://notcve.org/view.php?id=CVE-2013-3982
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page. Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 permite a atacantes remotos obtener información de instalación y datos técnicos no especificados a través de una solicitud hacia una página pública. • http://www-01.ibm.com/support/docview.wss?uid=swg21671201 https://exchange.xforce.ibmcloud.com/vulnerabilities/84908 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 1.9EPSS: 0%CPEs: 7EXPL: 0CVE-2014-0890
https://notcve.org/view.php?id=CVE-2014-0890
The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive information by reading a log file. El cliente Connect en IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0 y 9.0.0.1, cuando cierta configuración com.ibm.collaboration.realtime.telephony.*.level está habilitada, registra contraseñas en texto plano durante sesiones de chat de Audio/Vídeo, lo que permite a usuarios locales obtener información sensible mediante la lectura de un archivo de registro. • http://www-01.ibm.com/support/docview.wss?uid=swg21665658 https://exchange.xforce.ibmcloud.com/vulnerabilities/91282 • CWE-255: Credentials Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2013-6733
https://notcve.org/view.php?id=CVE-2013-6733
Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en la Web Application en el Classic Meeting Server de IBM Sametime Classic en 7.5.1.2 hasta la 8.5.2.1 que permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21659419 https://exchange.xforce.ibmcloud.com/vulnerabilities/89396 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 1.9EPSS: 0%CPEs: 10EXPL: 0CVE-2013-0534
https://notcve.org/view.php?id=CVE-2013-0534
The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and 8.5.2.1, as used in the Lotus Notes client and separately, might allow local users to obtain sensitive information by leveraging the persistence of cleartext password strings within process memory. El cliente Connect en IBM Sametime v8.5.1, v8.5.1.1, v8.5.1.2, v8.5.2, y v8.5.2.1, como se usaba en el cliente Lotus Notes puede permitir a usuarios locales obtener información sensible mediante el aprovechamiento de contraseñas persistentes en texto plano dentro de la memoria del proceso. • http://www-01.ibm.com/support/docview.wss?uid=swg21635218 https://exchange.xforce.ibmcloud.com/vulnerabilities/82656 • CWE-255: Credentials Management Errors •
CVSS: 9.3EPSS: 12%CPEs: 128EXPL: 0CVE-2012-4821 – JDK: getDeclaredMethods() and setAccessible() code execution
https://notcve.org/view.php?id=CVE-2012-4821
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via "insecure use" of the (1) java.lang.Class getDeclaredMethods or nd (2) java.lang.reflect.AccessibleObject setAccessible() methods. Múltiples vulnerabilidades no especificadas en el componente JRE en IBM Java 7 SR2 y anteriores, Java v6.0.1 SR3 y anteriores, Java 6 SR11 y anteriores, Java 5 SR14 y anteriores, y Java 142 SR13 FP13 y anteriores; como las usadas en IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control v5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, y Service Deliver Manager; y otros productos de otros vendedores como Red Hat, permite a atacantes remotos a ejecutar código través de vectores relacionados con "uso inseguro" de métodos (1) java.lang.Class getDeclaredMethods o (2) java.lang.reflect.AccessibleObject setAccessible(). • http://rhn.redhat.com/errata/RHSA-2012-1467.html http://seclists.org/bugtraq/2012/Sep/38 http://secunia.com/advisories/51326 http://secunia.com/advisories/51634 http://www-01.ibm.com/support/docview.wss?uid=swg1IV29659 http://www-01.ibm.com/support/docview.wss?uid=swg21615705 http://www-01.ibm.com/support/docview.wss?uid=swg21615800 http://www-01.ibm.com/support/docview.wss?uid=swg21616490 http://www-01.ibm.com/support/docview.wss? •