Every CVE whose affected-product data names Ibm Sametime, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (46)
CVE-2016-2972 — CVSS 7.8 (high): IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which…
CVE-2013-3983 — CVSS 7.5 (high): The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them…
CVE-2013-6742 — CVSS 7.5 (high): The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 do not have an off autocomplete attribute for a password…
CVE-2013-3988 — CVSS 6.8 (medium): The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks…
CVE-2016-0355 — CVSS 6.5 (medium): IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to…
CVE-2016-0356 — CVSS 6.5 (medium): IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to…
CVE-2016-2965 — CVSS 6.5 (medium): IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied…
CVE-2016-2980 — CVSS 6.3 (medium): The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a…
CVE-2016-0354 — CVSS 5.5 (medium): IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting…
CVE-2016-2967 — CVSS 5.4 (medium): IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the…
CVE-2016-2973 — CVSS 5.4 (medium): IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2016-2979 — CVSS 5.4 (medium): IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2016-2975 — CVSS 5.4 (medium): IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the…
CVE-2016-2971 — CVSS 5.3 (medium): IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future…
CVE-2012-3331 — CVSS 5.3 (medium): IBM Sametime allows remote attackers to obtain sensitive information from the Sametime Log database via a direct request to STLOG.NSF. IBM…
CVE-2016-2964 — CVSS 5.3 (medium): IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error message to a user that is too detailed and may reveal details about…
CVE-2013-3982 — CVSS 5.0 (medium): The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation…
CVE-2013-3975 — CVSS 5.0 (medium): Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to…
CVE-2013-3978 — CVSS 5.0 (medium): The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to…
CVE-2013-3980 — CVSS 5.0 (medium): The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room…
CVE-2013-3981 — CVSS 5.0 (medium): The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of…
CVE-2013-6727 — CVSS 5.0 (medium): The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 before HF1 does not properly restrict unsigned Java plugins, which allows…
CVE-2014-3867 — CVSS 5.0 (medium): The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header…
CVE-2014-4748 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows remote attackers to…
CVE-2016-2966 — CVSS 4.3 (medium): IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. IBM X-Force ID…
CVE-2013-6733 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1…
CVE-2016-2969 — CVSS 4.3 (medium): IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force…
CVE-2016-2970 — CVSS 4.3 (medium): IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the…
CVE-2012-3308 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or…
CVE-2013-3977 — CVSS 4.3 (medium): The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are…
CVE-2013-3046 — CVSS 4.3 (medium): The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header…
CVE-2016-2976 — CVSS 4.3 (medium): IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the…
CVE-2016-2977 — CVSS 4.3 (medium): IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users hands in the meeting. IBM X-Force ID: 113937.
CVE-2014-0906 — CVSS 4.3 (medium): The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which…
CVE-2016-0358 — CVSS 4.3 (medium): IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was…
CVE-2016-10503 — CVSS 4.3 (medium): IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated and invited user of Sametime meeting to lower any or all hands in an…
CVE-2016-2959 — CVSS 4.3 (medium): IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room manager to remove the primary managers privileges. IBM X-Force ID…
CVE-2014-3014 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote…
CVE-2013-6743 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote…
CVE-2013-0553 — CVSS 3.5 (low): The client implementation in IBM Sametime 8.5.1 through 8.5.2.1, as used in Sametime Connect client, Sametime Advanced Connect client…
CVE-2016-2978 — CVSS 3.3 (low): IBM Sametime 8.5.2 and 9.0 could store potentially sensitive information from the browser cache locally that could be available to a local…
CVE-2016-2974 — CVSS 3.3 (low): IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Rich Client, could disclose potentially sensitive information related…
CVE-2013-3984 — CVSS 2.9 (low): The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an…
CVE-2014-4747 — CVSS 2.1 (low): The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by…
CVE-2014-0890 — CVSS 1.9 (low): The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime…
CVE-2013-0534 — CVSS 1.9 (low): The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and 8.5.2.1, as used in the Lotus Notes client and separately, might…