Multiple vulnerabilities in IBM Sametime



Published: 2017-08-23 | Updated: 2017-08-29
Risk: Low
Patch available: YES
Number of vulnerabilities: 16
CVE-ID: CVE-2016-2970, CVE-2016-0729, CVE-2016-4449, CVE-2016-2965, CVE-2016-2971, CVE-2016-2969, CVE-2016-2972, CVE-2016-2979, CVE-2016-2973, CVE-2016-2977, CVE-2016-2958, CVE-2016-2959, CVE-2016-0356, CVE-2016-0355, CVE-2016-0354, CVE-2016-4463
CWE-ID: CWE-200, CWE-119, CWE-611, CWE-352, CWE-79, CWE-284, CWE-20
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Sametime (Client/Desktop applications / Messaging software)
Vendor: IBM Corporation

Security Bulletin

This security bulletin contains information about 16 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU8014

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-2970

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an unknown error. A remote attacker can read arbitrary files on the system.

Mitigation

Update to version 9.0.1 FP1.

Vulnerable software versions

Sametime: 8.5.0.0 - 9.0.0.0

External links

http://www-01.ibm.com/support/docview.wss?uid=swg22006233


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory corruption

EUVDB-ID: #VU8015

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-0729

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in the Apache Xerces-C XML Parser library due to improper bounds checking during processing and error reporting. A remote attacker can send specially crafted input documents and cause the library to crash or possibly execute arbitrary code.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update to version 9.0.1 FP1.

Vulnerable software versions

Sametime: 8.5.0.0 - 9.0.0.0

External links

http://www-01.ibm.com/support/docview.wss?uid=swg22006233


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) XXE attack

EUVDB-ID: #VU8016

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4449

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct an XXE attack.

The weakness exists in libxml2 due to an XML external entity (XXE) error when the XML parser processes XML data. A remote attacker can send manipulated XML content, trick the victim into opening it and read important data on the system.

Successful exploitation of the vulnerability may result in information disclosure.

Mitigation

Update to version 9.0.1 FP1.

Vulnerable software versions

Sametime: 8.5.0.0 - 9.0.0.0

External links

http://www-01.ibm.com/support/docview.wss?uid=swg22006233


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Cross-site request forgery

EUVDB-ID: #VU8029

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-2965

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a CSRF attack.

The weakness exists due to improper input validation. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and force the user to log out of Sametime.

Mitigation

Update to version 9.0.1 FP1.

Vulnerable software versions

Sametime: 8.5.0.0 - 9.0.0.0

External links

http://www-01.ibm.com/support/docview.wss?uid=swg22006439


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Information disclosure

EUVDB-ID: #VU8028

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-2971

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists because the server may send replies to the wrong email addresses. A remote attacker can disclose sensitive information in stack trace error logs and perform further attacks.

Mitigation

Update to version 9.0.1 FP1.

Vulnerable software versions

Sametime: 8.5.0.0 - 9.0.0.0

External links

http://www-01.ibm.com/support/docview.wss?uid=swg22006439


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information disclosure

EUVDB-ID: #VU8027

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-2969

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists because the server may send replies to the wrong email addresses. A remote attacker can read arbitrary files on the system.

Mitigation

Update to version 9.0.1 FP1.

Vulnerable software versions

Sametime: 8.5.0.0 - 9.0.0.0

External links

http://www-01.ibm.com/support/docview.wss?uid=swg22006439


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Information disclosure

EUVDB-ID: #VU8026

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-2972

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an unknown error. A local attacker can obtain the credentials of the Sametime Meetings user in the local cache of the browser.

Mitigation

Update to version 9.0.1 FP1.

Vulnerable software versions

Sametime: 8.5.0.0 - 9.0.0.0

External links

http://www-01.ibm.com/support/docview.wss?uid=swg22006439


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Cross-site scripting

EUVDB-ID: #VU8025

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-2979

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Mitigation

Update to version 9.0.1 FP1.

Vulnerable software versions

Sametime: 8.5.0.0 - 9.0.0.0

External links

http://www-01.ibm.com/support/docview.wss?uid=swg22006439


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Cross-site scripting

EUVDB-ID: #VU8024

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-2973

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Mitigation

Update to version 9.0.1 FP1.

Vulnerable software versions

Sametime: 8.5.0.0 - 9.0.0.0

External links

http://www-01.ibm.com/support/docview.wss?uid=swg22006439


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Security restrictions bypass

EUVDB-ID: #VU8023

Risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-2977

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.

The weakness exists due to improper access control. A remote attacker can lower arbitrary hands (i.e., votes) in an e-meeting and spoof the results of votes in the meeting.

Mitigation

Update to version 9.0.1 FP1.

Vulnerable software versions

Sametime: 8.5.0.0 - 9.0.0.0

External links

http://www-01.ibm.com/support/docview.wss?uid=swg22006439


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Security restrictions bypass

EUVDB-ID: #VU8022

Risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-2958

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.

The weakness exists due to improper access control. A remote attacker can lower arbitrary hands (i.e., votes) in an e-meeting and spoof the results of votes in the meeting.

Mitigation

Update to version 9.0.1 FP1.

Vulnerable software versions

Sametime: 8.5.0.0 - 9.0.0.0

External links

http://www-01.ibm.com/support/docview.wss?uid=swg22006439


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Security restrictions bypass

EUVDB-ID: #VU8021

Risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-2959

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.

The weakness exists due to improper access control. A remote attacker can remove the primary manager's privileges.


Mitigation

Update to version 9.0.1 FP1.

Vulnerable software versions

Sametime: 8.5.0.0 - 9.0.0.0

External links

http://www-01.ibm.com/support/docview.wss?uid=swg22006439


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Cross-site request forgery

EUVDB-ID: #VU8020

Risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-0356

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to perform a CSRF attack.

The weakness exists due to improper input validation. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and cause the screen sharing to cease.

Mitigation

Update to version 9.0.1 FP1.

Vulnerable software versions

Sametime: 8.5.0.0 - 9.0.0.0

External links

http://www-01.ibm.com/support/docview.wss?uid=swg22006439


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Cross-site request forgery

EUVDB-ID: #VU8019

Risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-0355

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to perform a CSRF attack.

The weakness exists due to improper input validation. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and cause the screen sharing to cease.

Mitigation

Update to version 9.0.1 FP1.

Vulnerable software versions

Sametime: 8.5.0.0 - 9.0.0.0

External links

http://www-01.ibm.com/support/docview.wss?uid=swg22006439


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper input validation

EUVDB-ID: #VU8018

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-0354

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can upload a malicious file to a Sametime meeting room and execute arbitrary code with privileges of the current user.

Mitigation

Update to version 9.0.1 FP1.

Vulnerable software versions

Sametime: 8.5.0.0 - 9.0.0.0

External links

http://www-01.ibm.com/support/docview.wss?uid=swg22006439


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) DTD parsing stack overflow

EUVDB-ID: #VU83

Risk: Low

CVSSv3.1: 6.5 [AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4463

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause the target application to crash.

The vulnerability exists due to a boundary error when processing DTD files. A remote unauthenticated attacker can cause a stack-based buffer overflow in the XML parser library by creating a specially crafted DTD file.

Successful exploitation of this vulnerability may result in denial of service.

Mitigation

The vendor has issued a fix (3.1.4).

Vulnerable software versions

Sametime: 8.5.0.0 - 9.0.0.0

External links

http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


