CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45716 – HCL Sametime is impacted by a sensitive information disclosure
https://notcve.org/view.php?id=CVE-2023-45716
Sametime is impacted by sensitive information passed in URL. Sametime se ve afectado por la información confidencial transmitida en la URL. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50349 – HCL Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2023-50349
Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application. Sametime se ve afectado por una vulnerabilidad de Cross Site Request Forgery (CSRF). Algunas API REST de la aplicación Sametime Proxy pueden permitir que un atacante realice acciones maliciosas en la aplicación. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 15EXPL: 0CVE-2012-3331
https://notcve.org/view.php?id=CVE-2012-3331
IBM Sametime allows remote attackers to obtain sensitive information from the Sametime Log database via a direct request to STLOG.NSF. IBM X-Force ID: 78048. IBM Sametime permite que atacantes remotos obtengan información sensible de la base de datos de Sametime Log mediante una petición directa a STLOG.NSF. IBM X-Force ID: 78048. • http://www-01.ibm.com/support/docview.wss?uid=swg21613895 https://exchange.xforce.ibmcloud.com/vulnerabilities/78048 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.1EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4747 – IBM Sametime Meet Server 8.5 Password Disclosure
https://notcve.org/view.php?id=CVE-2014-4747
The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML source code within a victim's browser. Classic Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 permite a atacantes físicamente próximos descubrir un hash de contraseña de una reunión mediante el aprovechamiento del acceso a una estación de trabajo desatendida para leer código de fuente HTML dentro del navegador de una victima. IBM Sametime Meet Server version 8.5 suffers from a password disclosure vulnerability. • http://linux.oracle.com/errata/ELSA-2014-0747.html http://packetstormsecurity.com/files/127830/IBM-Sametime-Meet-Server-8.5-Password-Disclosure.html http://www-01.ibm.com/support/docview.wss?uid=swg21679221 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4748 – IBM Sametime Meet Server 8.5 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-4748
Cross-site scripting (XSS) vulnerability in the Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en Classic Meeting Server en IBM Sametime 8.x hasta 8.5.2.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. IBM Sametime Meet Server version 8.5 suffers from a reflective cross site scripting vulnerability. • http://linux.oracle.com/errata/ELSA-2014-0747.html http://packetstormsecurity.com/files/127831/IBM-Sametime-Meet-Server-8.5-Cross-Site-Scripting.html http://secunia.com/advisories/60202 http://www-01.ibm.com/support/docview.wss?uid=swg21679221 https://exchange.xforce.ibmcloud.com/vulnerabilities/94350 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •