ibm sametime 9.0.0.1 vulnerabilities and exploits
7.5
CVSSv2
CVE-2013-3983
The Meeting Server in IBM Sametime 8.5.2 up to and including 8.5.2.1 and 9.x up to and including 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors.
IBM Sametime 9.0.0.0
IBM Sametime 9.0.0.1
IBM Sametime 8.5.2.0
IBM Sametime 8.5.2.1
7.5
CVSSv2
CVE-2013-6742
The Meeting Server in IBM Sametime 8.5.2 up to and including 8.5.2.1 and 9.x up to and including 9.0.0.1 does not have an off autocomplete attribute for a password field, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
IBM Sametime 8.5.2.1
IBM Sametime 9.0.0.0
IBM Sametime 9.0.0.1
IBM Sametime 8.5.2.0
6.8
CVSSv2
CVE-2016-2980
The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject its own script by exploiting a vulnerability in the way that the WebPlayer works. IBM X-Force ID: 113993.
IBM Sametime 8.5.2.0
IBM Sametime 8.5.2.1
IBM Sametime 9.0.0.0
IBM Sametime 9.0.1
IBM Sametime 9.0.0.1
6.8
CVSSv2
CVE-2014-3015
Cross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and Web Client 9.0 up to and including 9.0.0.1 allows remote malicious users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
IBM Sametime Proxy Server and Web Client 9.0.0.1
IBM Sametime Proxy Server and Web Client 9.0.0.0
6.8
CVSSv2
CVE-2013-3988
The Meeting Server in IBM Sametime 8.5.2 up to and including 8.5.2.1 and 9.x up to and including 9.0.0.1 allows remote malicious users to conduct clickjacking attacks via unspecified vectors.
IBM Sametime 8.5.2.1
IBM Sametime 9.0.0.0
IBM Sametime 9.0.0.1
IBM Sametime 8.5.2.0
6
CVSSv2
CVE-2016-0354
IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, which could be downloaded by unsuspecting users and executed with user privileges. IBM X-Force ID: 111893.
IBM Sametime 9.0.1
IBM Sametime 8.5.2.0
IBM Sametime 8.5.2.1
IBM Sametime 9.0.0.0
IBM Sametime 9.0.0.1
5
CVSSv2
CVE-2016-2964
IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error message to a user that is too detailed and may reveal details about the application. IBM X-Force ID: 113813.
IBM Sametime 9.0.0.0
IBM Sametime 9.0.0.1
IBM Sametime 8.5.2.1
IBM Sametime 9.0.1
IBM Sametime 8.5.2.0
5
CVSSv2
CVE-2016-2971
IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks. IBM X-Force ID: 113898.
IBM Sametime 9.0.0.1
IBM Sametime 9.0.1
IBM Sametime 8.5.2.0
IBM Sametime 8.5.2.1
IBM Sametime 9.0.0.0
5
CVSSv2
CVE-2014-3867
The Meeting Server in IBM Sametime 8.x up to and including 8.5.2.1 and 9.x up to and including 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote malicious users to obtain potentially sensitive information...
IBM Sametime 8.5.2.0
IBM Sametime 8.5.1.0
IBM Sametime 9.0.0.1
IBM Sametime 9.0.0.0
IBM Sametime 8.0.2.0
IBM Sametime 8.0.1.1
IBM Sametime 8.5.2.1
IBM Sametime 8.5.1.1
IBM Sametime 8.0.1.0
IBM Sametime 8.0.0.0
IBM Sametime 8.5.0.0
IBM Sametime 8.0.2.1
5
CVSSv2
CVE-2013-3981
The Meeting Server in IBM Sametime 8.x up to and including 8.5.2.1 and 9.x up to and including 9.0.0.1 allows remote malicious users to download avatar photos of arbitrary users via unspecified vectors.
IBM Sametime 9.0.0.1
IBM Sametime 8.5.2.0
IBM Sametime 8.5.1.0
IBM Sametime 8.5.2.1
IBM Sametime 8.5.1.1
IBM Sametime 8.0.0.0
IBM Sametime 9.0.0.0
IBM Sametime 8.0.1.1
IBM Sametime 8.0.1.0
IBM Sametime 8.5.0.0
IBM Sametime 8.0.2.1
IBM Sametime 8.0.2.0