CVE-2014-3015
https://notcve.org/view.php?id=CVE-2014-3015
Cross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. • http://www-01.ibm.com/support/docview.wss?uid=swg21673260 https://exchange.xforce.ibmcloud.com/vulnerabilities/93026 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2014-0890
https://notcve.org/view.php?id=CVE-2014-0890
The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive information by reading a log file. • http://www-01.ibm.com/support/docview.wss?uid=swg21665658 https://exchange.xforce.ibmcloud.com/vulnerabilities/91282 • CWE-255: Credentials Management Errors
CVE-2013-6742
https://notcve.org/view.php?id=CVE-2013-6742
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. • http://www-01.ibm.com/support/docview.wss?uid=swg21662928 https://exchange.xforce.ibmcloud.com/vulnerabilities/89858 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-3988
https://notcve.org/view.php?id=CVE-2013-3988
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg21662928 https://exchange.xforce.ibmcloud.com/vulnerabilities/84973 • CWE-20: Improper Input Validation
CVE-2013-6743
https://notcve.org/view.php?id=CVE-2013-6743
Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IMG element. • http://osvdb.org/103131 http://www-01.ibm.com/support/docview.wss?uid=swg21662928 https://exchange.xforce.ibmcloud.com/vulnerabilities/89859 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')