IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. IBM X-Force ID: 111893.
https://exchange.xforce.ibmcloud.com/vulnerabilities/111893
http://www.securitytracker.com/id/1039231