Ibm Sametime vulnerabilities

CVE-2012-3331 [MEDIUM] CWE-200 CVE-2012-3331: IBM Sametime allows remote attackers to obtain sensitive information from the Sametime Log database IBM Sametime allows remote attackers to obtain sensitive information from the Sametime Log database via a direct request to STLOG.NSF. IBM X-Force ID: 78048.

CVE-2016-2972 [HIGH] CWE-255 CVE-2016-2972: IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in t IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. IBM X-Force ID: 113855.

CVE-2016-2969 [MEDIUM] CWE-200 CVE-2016-2969: IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850.

CVE-2016-2964 [MEDIUM] CWE-200 CVE-2016-2964: IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error message to a user that is too IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error message to a user that is too detailed and may reveal details about the application. IBM X-Force ID: 113813.

CVE-2016-2965 [MEDIUM] CWE-352 CVE-2016-2965: IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by imp IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846.

CVE-2016-0354 [MEDIUM] CWE-434 CVE-2016-0354: IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a m IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. IBM X-Force ID: 111893.

CVE-2016-0355 [MEDIUM] CWE-352 CVE-2016-0355: IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894.

CVE-2016-2976 [MEDIUM] CWE-200 CVE-2016-2976: IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. IBM X-Force ID: 113936.

CVE-2016-2979 [MEDIUM] CWE-79 CVE-2016-2979: IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113945.

CVE-2016-2970 [MEDIUM] CWE-200 CVE-2016-2970: IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that m IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attackers. IBM X-Force ID: 113851.

CVE-2016-2959 [MEDIUM] CWE-264 CVE-2016-2959: IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room manager to remove the primary m IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room manager to remove the primary managers privileges. IBM X-Force ID: 113804.

CVE-2016-2966 [MEDIUM] CWE-200 CVE-2016-2966: IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. IBM X-Force ID: 113847.

CVE-2016-2973 [MEDIUM] CWE-79 CVE-2016-2973: IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113899.

CVE-2016-2977 [MEDIUM] CWE-20 CVE-2016-2977: IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users hands in IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users hands in the meeting. IBM X-Force ID: 113937.

CVE-2016-2975 [MEDIUM] CWE-79 CVE-2016-2975: IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113935.

CVE-2016-2980 [MEDIUM] CWE-74 CVE-2016-2980: The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. IBM X-Force ID: 113993.

CVE-2016-2967 [MEDIUM] CWE-79 CVE-2016-2967: IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Sametime away message altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113848.

CVE-2016-0358 [MEDIUM] CWE-200 CVE-2016-0358: IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. IBM X-Force ID: 111928.

CVE-2016-2971 [MEDIUM] CWE-200 CVE-2016-2971: IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error lo IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks. IBM X-Force ID: 113898.

CVE-2016-0356 [MEDIUM] CWE-352 CVE-2016-0356: IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111895.