CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2013-3988
https://notcve.org/view.php?id=CVE-2013-3988
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Meeting Server en IBM Sametime 8.5.2 hasta 8.5.2.1 y 9.x hasta 9.0.0.1 permite a atacantes remotos realizar ataques de clickjacking a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21662928 https://exchange.xforce.ibmcloud.com/vulnerabilities/84973 • CWE-20: Improper Input Validation •
CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-6743
https://notcve.org/view.php?id=CVE-2013-6743
Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IMG element. Vulnerabilidad de XSS en Meeting Server en IBM Sametime 8.5.2 hasta 8.5.2.1 y 9.x hasta 9.0.0.1 permite a usuarios auntenticados remotos inyectar script Web o HTML arbitrarios a través de vectores que involucran un elemento IMG. • http://osvdb.org/103131 http://www-01.ibm.com/support/docview.wss?uid=swg21662928 https://exchange.xforce.ibmcloud.com/vulnerabilities/89859 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-3983
https://notcve.org/view.php?id=CVE-2013-3983
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors. Meeting Server en IBM Sametime 8.5.2 hasta 8.5.2.1 y 9.x hasta 9.0.0.1 no valida URLs en cebeceras de Cookies antes de su utilización en redirecciones, lo que tiene un impacto no especificado y vectores de ataques remotos. • http://www-01.ibm.com/support/docview.wss?uid=swg21662928 https://exchange.xforce.ibmcloud.com/vulnerabilities/84966 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2013-3978
https://notcve.org/view.php?id=CVE-2013-3978
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation. Meeting Server en IBM Sametime 8.5.2 hasta 8.5.2.1 y 9.x hasta 9.0.0.1 no envía las debidas cabeceras de respuesta HTTP para prevenir el cacheo no deseado por un navegador, lo que permite a atacantes remotos obtener información sensible mediante el aprovechamiento de una estación de trabajo no atendida. • http://www-01.ibm.com/support/docview.wss?uid=swg21662928 https://exchange.xforce.ibmcloud.com/vulnerabilities/84902 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6727
https://notcve.org/view.php?id=CVE-2013-6727
The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 before HF1 does not properly restrict unsigned Java plugins, which allows remote attackers to obtain sensitive information via unspecified vectors. El cliente Connect en IBM Sametime 8.5.2 hasta la versión 8.5.2.1 y 9.0 anterior a HF1 no restringe adecuadamente los plugins de Java sin firmar, lo que permite a atacantes remotos obtener información sensible a través de vectores sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg21662725 https://exchange.xforce.ibmcloud.com/vulnerabilities/89282 • CWE-264: Permissions, Privileges, and Access Controls •