10 results (0.038 seconds)

CVSS: 1.9EPSS: 0%CPEs: 10EXPL: 0

The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and 8.5.2.1, as used in the Lotus Notes client and separately, might allow local users to obtain sensitive information by leveraging the persistence of cleartext password strings within process memory. El cliente Connect en IBM Sametime v8.5.1, v8.5.1.1, v8.5.1.2, v8.5.2, y v8.5.2.1, como se usaba en el cliente Lotus Notes puede permitir a usuarios locales obtener información sensible mediante el aprovechamiento de contraseñas persistentes en texto plano dentro de la memoria del proceso. • http://www-01.ibm.com/support/docview.wss?uid=swg21635218 https://exchange.xforce.ibmcloud.com/vulnerabilities/82656 • CWE-255: Credentials Management Errors •

CVSS: 3.5EPSS: 0%CPEs: 17EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en Classic Meeting Server en IBM Sametime v7.5.1.2 hasta v8.5.2.1 que permite a usuarios autenticados inyectar secuencias arbitrarias de comandos web o HTML a través de vectores sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg21635185 http://www-01.ibm.com/support/docview.wss?uid=swg21635545 https://exchange.xforce.ibmcloud.com/vulnerabilities/82657 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 7EXPL: 0

Cross-site scripting (XSS) vulnerability in the Sametime Links server in IBM Sametime 8.0.2 through 8.5.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el servidor Sametime Links en IBM Sametime v8.0.2 hasta v8.5.2.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21633620 https://exchange.xforce.ibmcloud.com/vulnerabilities/82655 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0

The client implementation in IBM Sametime 8.5.1 through 8.5.2.1, as used in Sametime Connect client, Sametime Advanced Connect client, Sametime Advanced Web client, and other products, allows remote authenticated users to send commands to individual chat users, or to all participants in a chat room, via a crafted Sametime Instant Message (IM). La implementación del cliente en IBM Sametime v8.5.1 hasta la v8.5.2.1, como el usado en el cliente Sametime Connect, en el cliente Sametime Advanced Connect, en el cliente Sametime Advanced Web, y otros productos, permite a los usuarios remotos autenticados enviar comandos a usuarios del chat individuales, o a todos los participantes en una sala de chat, mediante Sametime Instant Message (IM). • http://www-01.ibm.com/support/docview.wss?uid=swg21633618 https://exchange.xforce.ibmcloud.com/vulnerabilities/82915 •

CVSS: 9.3EPSS: 12%CPEs: 128EXPL: 0

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via "insecure use" of the (1) java.lang.Class getDeclaredMethods or nd (2) java.lang.reflect.AccessibleObject setAccessible() methods. Múltiples vulnerabilidades no especificadas en el componente JRE en IBM Java 7 SR2 y anteriores, Java v6.0.1 SR3 y anteriores, Java 6 SR11 y anteriores, Java 5 SR14 y anteriores, y Java 142 SR13 FP13 y anteriores; como las usadas en IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control v5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, y Service Deliver Manager; y otros productos de otros vendedores como Red Hat, permite a atacantes remotos a ejecutar código través de vectores relacionados con "uso inseguro" de métodos (1) java.lang.Class getDeclaredMethods o (2) java.lang.reflect.AccessibleObject setAccessible(). • http://rhn.redhat.com/errata/RHSA-2012-1467.html http://seclists.org/bugtraq/2012/Sep/38 http://secunia.com/advisories/51326 http://secunia.com/advisories/51634 http://www-01.ibm.com/support/docview.wss?uid=swg1IV29659 http://www-01.ibm.com/support/docview.wss?uid=swg21615705 http://www-01.ibm.com/support/docview.wss?uid=swg21615800 http://www-01.ibm.com/support/docview.wss?uid=swg21616490 http://www-01.ibm.com/support/docview.wss? •