Skip to main content

Sametime

52 CVEs product

Monthly

CVE-2025-62320 MEDIUM This Month

HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage.

XSS Sametime
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-31966 LOW Monitor

HCL Sametime is vulnerable to broken server-side validation.

Authentication Bypass Sametime
NVD VulDB
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-21786 LOW Monitor

HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs. [CVSS 3.3 LOW]

Information Disclosure Sametime
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-30124 MEDIUM This Month

HCL Sametime is impacted by insecure services in-use on the UIM client by default. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sametime
NVD
CVSS 3.1
4.0
EPSS
0.2%
CVE-2024-30122 MEDIUM This Month

HCL Sametime is impacted by misconfigured security related HTTP headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sametime
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-42446 MEDIUM This Month

Starting with Sametime 12, anonymous users are enabled by default. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Sametime
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2019-10297 Maven HIGH This Week

Jenkins Sametime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Sametime
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2016-2980 MEDIUM PATCH This Month

The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection IBM Sametime
NVD
CVSS 3.0
6.3
EPSS
0.3%
CVE-2016-2978 LOW PATCH Monitor

IBM Sametime 8.5.2 and 9.0 could store potentially sensitive information from the browser cache locally that could be available to a local user. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sametime
NVD
CVSS 3.0
3.3
EPSS
0.1%
CVE-2016-2976 MEDIUM PATCH This Month

IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sametime
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-2975 MEDIUM PATCH This Month

IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sametime
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-2974 LOW PATCH Monitor

IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Rich Client, could disclose potentially sensitive information related to the Sametime environment as well as other users on the. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sametime
NVD
CVSS 3.0
3.3
EPSS
0.1%
CVE-2016-2967 MEDIUM PATCH This Month

IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sametime
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-2966 MEDIUM PATCH This Month

IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sametime
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-2964 MEDIUM PATCH This Month

IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error message to a user that is too detailed and may reveal details about the application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sametime
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-0358 MEDIUM PATCH This Month

IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sametime
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-2979 MEDIUM PATCH This Month

IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sametime
NVD
CVSS 3.0
5.4
EPSS
0.4%
CVE-2016-2977 MEDIUM PATCH This Month

IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users hands in the meeting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sametime
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-2973 MEDIUM PATCH This Month

IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sametime
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-2972 HIGH PATCH This Week

IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Authentication Bypass Sametime
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-2971 MEDIUM This Month

IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Sametime
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-2969 MEDIUM PATCH This Month

IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sametime
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-2965 MEDIUM PATCH This Month

IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Sametime
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-2959 MEDIUM PATCH This Month

IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room manager to remove the primary managers privileges. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Sametime
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-10503 MEDIUM PATCH This Month

IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated and invited user of Sametime meeting to lower any or all hands in an e-meeting, thus spoofing results of votes in the meeting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sametime
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-0356 MEDIUM PATCH This Month

IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Sametime
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-0355 MEDIUM PATCH This Month

IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Sametime
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-0354 MEDIUM PATCH This Month

IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

IBM File Upload Sametime
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-2970 MEDIUM This Month

IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sametime
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2014-4748 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Sametime
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4747 LOW Monitor

The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Sametime
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3867 MEDIUM This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sametime
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-3014 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Sametime
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-0906 MEDIUM This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Sametime
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-3984 LOW Monitor

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers. Rated low severity (CVSS 2.9). No vendor patch available.

IBM Information Disclosure Sametime
NVD
CVSS 2.0
2.9
EPSS
0.1%
CVE-2013-3982 MEDIUM POC THREAT This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 37.2%.

IBM Information Disclosure Sametime
NVD
CVSS 2.0
5.0
EPSS
37.2%
CVE-2013-3981 MEDIUM This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Sametime
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-3980 MEDIUM This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room unusability) by generating a large number of fictitious users. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Sametime
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-3977 MEDIUM POC THREAT This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 29.1%.

IBM Authentication Bypass Sametime
NVD
CVSS 2.0
4.3
EPSS
29.1%
CVE-2013-3975 MEDIUM POC THREAT This Month

Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.8%.

IBM Information Disclosure Sametime
NVD
CVSS 2.0
5.0
EPSS
51.8%
Threat
4.1
CVE-2013-3046 MEDIUM This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack. Rated medium severity (CVSS 4.3). No vendor patch available.

IBM Authentication Bypass Sametime
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2014-0890 LOW Monitor

The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords. Rated low severity (CVSS 1.9). No vendor patch available.

IBM Authentication Bypass Sametime
NVD VulDB
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-6743 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Sametime
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-6742 HIGH This Week

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Sametime
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-3988 MEDIUM This Month

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Sametime
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2013-3983 HIGH This Week

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Sametime
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-3978 MEDIUM This Month

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Sametime
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-6727 MEDIUM This Month

The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 before HF1 does not properly restrict unsigned Java plugins, which allows remote attackers to obtain sensitive information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Java IBM Sametime
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-6733 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Sametime
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-0534 LOW Monitor

The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and 8.5.2.1, as used in the Lotus Notes client and separately, might allow local users to obtain sensitive information by leveraging. Rated low severity (CVSS 1.9). No vendor patch available.

IBM Authentication Bypass Lotus Sametime Sametime
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-0553 LOW Monitor

The client implementation in IBM Sametime 8.5.1 through 8.5.2.1, as used in Sametime Connect client, Sametime Advanced Connect client, Sametime Advanced Web client, and other products, allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Lotus Sametime Sametime
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2012-3308 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via an IM chat. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Sametime
NVD
CVSS 2.0
4.3
EPSS
0.2%
EPSS 0% CVSS 4.7
MEDIUM This Month

HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage.

XSS Sametime
NVD VulDB
EPSS 0% CVSS 2.7
LOW Monitor

HCL Sametime is vulnerable to broken server-side validation.

Authentication Bypass Sametime
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs. [CVSS 3.3 LOW]

Information Disclosure Sametime
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

HCL Sametime is impacted by insecure services in-use on the UIM client by default. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sametime
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

HCL Sametime is impacted by misconfigured security related HTTP headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sametime
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Starting with Sametime 12, anonymous users are enabled by default. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Sametime
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Jenkins Sametime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Sametime
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection IBM Sametime
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM Sametime 8.5.2 and 9.0 could store potentially sensitive information from the browser cache locally that could be available to a local user. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sametime
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sametime
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sametime
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Rich Client, could disclose potentially sensitive information related to the Sametime environment as well as other users on the. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sametime
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sametime
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sametime
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error message to a user that is too detailed and may reveal details about the application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sametime
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sametime
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sametime
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users hands in the meeting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sametime
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sametime
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Authentication Bypass Sametime
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Sametime
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sametime
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Sametime
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room manager to remove the primary managers privileges. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Sametime
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated and invited user of Sametime meeting to lower any or all hands in an e-meeting, thus spoofing results of votes in the meeting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sametime
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Sametime
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Sametime
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

IBM File Upload Sametime
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sametime
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Sametime
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Sametime
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sametime
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Sametime
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Sametime
NVD
EPSS 0% CVSS 2.9
LOW Monitor

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers. Rated low severity (CVSS 2.9). No vendor patch available.

IBM Information Disclosure Sametime
NVD
EPSS 37% CVSS 5.0
MEDIUM POC THREAT This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 37.2%.

IBM Information Disclosure Sametime
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Sametime
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room unusability) by generating a large number of fictitious users. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Sametime
NVD
EPSS 29% CVSS 4.3
MEDIUM POC THREAT This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 29.1%.

IBM Authentication Bypass Sametime
NVD
EPSS 52% 4.1 CVSS 5.0
MEDIUM POC THREAT This Month

Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.8%.

IBM Information Disclosure Sametime
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack. Rated medium severity (CVSS 4.3). No vendor patch available.

IBM Authentication Bypass Sametime
NVD
EPSS 0% CVSS 1.9
LOW Monitor

The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords. Rated low severity (CVSS 1.9). No vendor patch available.

IBM Authentication Bypass Sametime
NVD VulDB
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Sametime
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Sametime
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Sametime
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Sametime
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Sametime
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 before HF1 does not properly restrict unsigned Java plugins, which allows remote attackers to obtain sensitive information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Java IBM +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Sametime
NVD
EPSS 0% CVSS 1.9
LOW Monitor

The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and 8.5.2.1, as used in the Lotus Notes client and separately, might allow local users to obtain sensitive information by leveraging. Rated low severity (CVSS 1.9). No vendor patch available.

IBM Authentication Bypass Lotus Sametime +1
NVD
EPSS 0% CVSS 3.5
LOW Monitor

The client implementation in IBM Sametime 8.5.1 through 8.5.2.1, as used in Sametime Connect client, Sametime Advanced Connect client, Sametime Advanced Web client, and other products, allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Lotus Sametime +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via an IM chat. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Sametime
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy