Ibm: >> Lotus Sametime >> 7.5.0.1 Security Vulnerabilities
The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message.
CVSS Score
5.0
EPSS Score
0.003
Published
2011-10-29
Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server in IBM Lotus Sametime allows remote attackers to inject arbitrary web script or HTML via the authReasonCode parameter in an OpenDatabase action.
CVSS Score
4.3
EPSS Score
0.008
Published
2011-03-01
Unspecified vulnerability in the webcontainer implementation in IBM Lotus Sametime Connect 8.5.1 before CF1 has unknown impact and attack vectors, aka SPRs LXUU87S57H and LXUU87S93W.
CVSS Score
10.0
EPSS Score
0.005
Published
2010-09-15
Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI.
CVSS Score
4.3
EPSS Score
0.004
Published
2007-12-10