CVE-2013-3975 – IBM Lotus Notes Sametime User Enumeration
https://notcve.org/view.php?id=CVE-2013-3975
Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search. Vulnerabilidad no especificada en Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 permite a atacantes remotos descubrir nombres, nombres completos y direcciones de e-mail de usuarios a través de una búsqueda. • http://www-01.ibm.com/support/docview.wss?uid=swg21671201 https://exchange.xforce.ibmcloud.com/vulnerabilities/84855 •
CVE-2014-3014
https://notcve.org/view.php?id=CVE-2014-3014
Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21671201 http://www.securityfocus.com/bid/67597 https://exchange.xforce.ibmcloud.com/vulnerabilities/93025 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-3984
https://notcve.org/view.php?id=CVE-2013-3984
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 no configura la etiqueta de seguridad para una cookie no especificada en una sesión https, lo que facilita a atacantes remotos capturar esta cookie mediante la intercepción de su transmisión dentro de una sesión http. • http://www-01.ibm.com/support/docview.wss?uid=swg21671201 https://exchange.xforce.ibmcloud.com/vulnerabilities/84967 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-3980
https://notcve.org/view.php?id=CVE-2013-3980
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room unusability) by generating a large number of fictitious users to enter a meeting room. Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 permite a atacantes remotos causar una denegación de servicio (inutilizabilidad de aula) mediante la generación de un número grande de usuarios ficticios apara entrar en una aula de reunión. • http://www-01.ibm.com/support/docview.wss?uid=swg21671201 https://exchange.xforce.ibmcloud.com/vulnerabilities/84906 • CWE-20: Improper Input Validation •
CVE-2013-3046
https://notcve.org/view.php?id=CVE-2013-3046
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests. Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 no envía la cabecera HSTS Strict-Transport-Security, lo que facilita a atacantes man-in-the-middle secuestrar sesiones u obtener información sensible mediante el aprovechamiento de la presencia de solicitudes HTTP. • http://www-01.ibm.com/support/docview.wss?uid=swg21671201 https://exchange.xforce.ibmcloud.com/vulnerabilities/84819 • CWE-287: Improper Authentication •