CVSS: 2.1EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4747 – IBM Sametime Meet Server 8.5 Password Disclosure
https://notcve.org/view.php?id=CVE-2014-4747
The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML source code within a victim's browser. Classic Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 permite a atacantes físicamente próximos descubrir un hash de contraseña de una reunión mediante el aprovechamiento del acceso a una estación de trabajo desatendida para leer código de fuente HTML dentro del navegador de una victima. IBM Sametime Meet Server version 8.5 suffers from a password disclosure vulnerability. • http://linux.oracle.com/errata/ELSA-2014-0747.html http://packetstormsecurity.com/files/127830/IBM-Sametime-Meet-Server-8.5-Password-Disclosure.html http://www-01.ibm.com/support/docview.wss?uid=swg21679221 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2014-3867
https://notcve.org/view.php?id=CVE-2014-3867
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2013-3984. Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 no incluye la etiqueta HTTPOnly flag en una cabecera Set-Cookie para una cookie no especificada, lo que facilita a atacantes remotos obtener información potencialmente sensible a través de acceso script a esta cookie, una vulnerabilidad diferente a CVE-2013-3984. • http://www-01.ibm.com/support/docview.wss?uid=swg21671201 http://www.securityfocus.com/bid/67659 https://exchange.xforce.ibmcloud.com/vulnerabilities/84967 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2013-3977 – IBM Lotus Notes Sametime Room Name Bruteforce
https://notcve.org/view.php?id=CVE-2013-3977
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names. Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 permite a atacantes remotos determinar qué aulas de reuniones pertenecen a un usuario mediante el aprovechamiento de conocimiento de nombres de usuarios válidos. • http://www-01.ibm.com/support/docview.wss?uid=swg21671201 https://exchange.xforce.ibmcloud.com/vulnerabilities/84901 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2014-0906
https://notcve.org/view.php?id=CVE-2014-0906
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a (1) expired or (2) invalidated cookie. Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 no comprueba si una cookie de sesión es actual, lo que permite a atacantes remotos realizar acciones de búsqueda de usuario mediante el aprovechamiento de una cookie (1) caducada o (2) invalidada. • http://www-01.ibm.com/support/docview.wss?uid=swg21671201 https://exchange.xforce.ibmcloud.com/vulnerabilities/91854 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2013-3975 – IBM Lotus Notes Sametime User Enumeration
https://notcve.org/view.php?id=CVE-2013-3975
Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search. Vulnerabilidad no especificada en Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 y 9.x hasta 9.0.0.1 permite a atacantes remotos descubrir nombres, nombres completos y direcciones de e-mail de usuarios a través de una búsqueda. • http://www-01.ibm.com/support/docview.wss?uid=swg21671201 https://exchange.xforce.ibmcloud.com/vulnerabilities/84855 •