Summary
| Detail | |||
|---|---|---|---|
| Vendor | Ibm | First view | 2007-03-30 |
| Product | Lotus Sametime | Last view | 2011-10-29 |
| Version | 7.5 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:ibm:lotus_sametime | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5 | 2011-10-29 | CVE-2011-1370 | The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message. |
| 10 | 2010-09-15 | CVE-2010-3398 | Unspecified vulnerability in the webcontainer implementation in IBM Lotus Sametime Connect 8.5.1 before CF1 has unknown impact and attack vectors, aka SPRs LXUU87S57H and LXUU87S93W. |
| 7.5 | 2008-05-29 | CVE-2008-2499 | Stack-based buffer overflow in the Community Services Multiplexer (aka MUX or StMux.exe) in IBM Lotus Sametime 7.5.1 CF1 and earlier, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code via a crafted URL. |
| 4.3 | 2008-01-18 | CVE-2008-0354 | Cross-site scripting (XSS) vulnerability in the chat client in IBM Lotus Sametime 7.5 and 7.5.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted message, which triggers code execution after a mouseover event initiated by the victim. |
| 4.3 | 2007-12-10 | CVE-2007-6295 | Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI. |
| 4.3 | 2007-08-03 | CVE-2007-4142 | Cross-site scripting (XSS) vulnerability in IBM Lotus Sametime Server 7.5.1 before 20070731 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a crafted Sametime meeting. |
| 9.3 | 2007-03-30 | CVE-2007-1784 | The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus Notes Sametime before 7.5 allows remote attackers to load arbitrary DLL libraries and execute arbitrary code via arbitrary arguments to the loadLibrary function. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 25% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 25% (1) | CWE-16 | Configuration |
SAINT Exploits
| Description | Link |
|---|---|
| IBM Lotus Sametime Community Services Multiplexer buffer overflow | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 76621 | IBM Lotus Sametime Configuration Servlet Authentication Weakness Remote Confi... |
| 68044 | IBM Lotus Sametime Connect Webcontainer Implementation Unspecified Issue |
| 45610 | IBM Lotus Sametime Community Services Multiplexer (StMux.exe) Remote Overflow |
| 40536 | IBM Lotus Sametime Chat Client Mouseover XSS |
| 39258 | IBM Lotus Sametime WebRunMenuFrame Page URI XSS |
| 36462 | IBM Lotus Sametime Server Meeting Unspecified XSS |
| 35211 | IBM Lotus Sametime JNILoader ActiveX (STJNILoader.ocx) Remote Code Execution |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2008-A-0034 | IBM Lotus Sametime Multiplexer Buffer Overflow Vulnerability Severity: Category I - VMSKEY: V0016023 |
| 2008-A-0001 | IBM Lotus Sametime Client Cross-Site Scripting Vulnerability Severity: Category II - VMSKEY: V0015728 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | IBM Lotus Sametime multiplexer stack buffer overflow attempt RuleID : 13902 - Type : SERVER-OTHER - Revision : 15 |
| 2014-01-10 | IBM Lotus SameTime STJNILoader ActiveX function call access RuleID : 10417 - Type : BROWSER-PLUGINS - Revision : 10 |
| 2014-01-10 | IBM Lotus SameTime STJNILoader ActiveX clsid unicode access RuleID : 10416 - Type : WEB-ACTIVEX - Revision : 6 |
| 2014-01-10 | IBM Lotus SameTime STJNILoader ActiveX clsid access attempt RuleID : 10415 - Type : BROWSER-PLUGINS - Revision : 12 |
| 2014-01-10 | IBM Lotus SameTime STJNILoader Alt CLSID ActiveX function call access RuleID : 10414 - Type : BROWSER-PLUGINS - Revision : 10 |
| 2014-01-10 | IBM Lotus SameTime STJNILoader Alt CLSID ActiveX clsid unicode access RuleID : 10413 - Type : WEB-ACTIVEX - Revision : 6 |
| 2014-01-10 | IBM Lotus SameTime STJNILoader ActiveX clsid access attempt RuleID : 10412 - Type : BROWSER-PLUGINS - Revision : 13 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2013-09-24 | Name: The remote server hosts an application that contains a buffer overflow vulner... File: lotus_sametime_stmux_buffer_overflow.nasl - Type: ACT_GATHER_INFO |
| 2013-09-23 | Name: The remote Windows host has a chat client installed that is affected by a cro... File: lotus_sametime_connect_swg21292938.nasl - Type: ACT_GATHER_INFO |
