Connections@4.0.0.0 Security Vulnerabilities and Issues — Connections@4.0.0.0 CVE List

Lucene search

IbmConnections4.0.0.0

25 matches found

CVE•added 2016/09/26 4:59 a.m.•42 views

CVE-2016-3007

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users.

8.8CVSS8.4AI score0.00115EPSS

CVE•added 2016/11/30 11:59 a.m.•41 views

CVE-2016-2953

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.

4.3CVSS4.1AI score0.0024EPSS

CVE•added 2016/09/26 4:59 a.m.•41 views

CVE-2016-3003

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3006.

5.4CVSS5AI score0.00199EPSS

CVE•added 2017/02/08 10:59 p.m.•40 views

CVE-2016-0305

IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL...

5.4CVSS5.5AI score0.00165EPSS

CVE•added 2018/03/20 9:29 p.m.•39 views

CVE-2015-7459

Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108355.

5.4CVSS5AI score0.00129EPSS

CVE•added 2016/09/01 10:59 a.m.•39 views

CVE-2016-3005

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-299...

5.4CVSS4.9AI score0.00199EPSS

CVE•added 2016/11/30 11:59 a.m.•39 views

CVE-2016-3009

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the Connections generic page.

3.5CVSS4.3AI score0.00044EPSS

CVE•added 2016/09/26 4:59 a.m.•37 views

CVE-2016-3000

The help service in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to cause a denial of service (service degradation) via a crafted URL.

4.3CVSS4.3AI score0.0042EPSS

CVE•added 2017/02/08 10:59 p.m.•36 views

CVE-2016-0310

IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain.

5.4CVSS5.6AI score0.00258EPSS

CVE•added 2016/11/30 11:59 a.m.•36 views

CVE-2016-2958

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading an "archaic" e-mail address in a response.

4.3CVSS4AI score0.00219EPSS

CVE•added 2016/09/01 10:59 a.m.•36 views

CVE-2016-3010

5.4CVSS4.9AI score0.00199EPSS

CVE•added 2018/03/20 9:29 p.m.•35 views

CVE-2015-7461

XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357.

6.5CVSS5.9AI score0.00395EPSS

CVE•added 2016/09/26 4:59 a.m.•35 views

CVE-2016-3006

5.4CVSS5AI score0.00199EPSS

CVE•added 2017/02/08 10:59 p.m.•34 views

CVE-2016-0308

IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images.

4.3CVSS4.5AI score0.00188EPSS

CVE•added 2016/09/01 10:59 a.m.•34 views

CVE-2016-2995

5.4CVSS4.9AI score0.00199EPSS

CVE•added 2016/11/30 11:59 a.m.•33 views

CVE-2016-2957

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading a stack trace in a response.

4.3CVSS4AI score0.00161EPSS

CVE•added 2016/11/30 11:59 a.m.•33 views

CVE-2016-3004

4.9CVSS4.8AI score0.00072EPSS

CVE•added 2018/03/20 9:29 p.m.•32 views

CVE-2015-7458

5.4CVSS5AI score0.00129EPSS

CVE•added 2017/02/08 10:59 p.m.•32 views

CVE-2016-0307

IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses.

4.3CVSS4.4AI score0.00264EPSS

CVE•added 2016/06/30 1:59 a.m.•32 views

CVE-2016-0322

Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 through CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML by uploading an HTML document.

5.4CVSS5AI score0.00168EPSS

CVE•added 2016/09/01 10:59 a.m.•32 views

CVE-2016-2997

5.4CVSS4.9AI score0.00199EPSS

CVE•added 2016/09/01 10:59 a.m.•32 views

CVE-2016-2998

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update data.

3.5CVSS4.3AI score0.00048EPSS

CVE•added 2016/09/26 4:59 a.m.•32 views

CVE-2016-3001

5.4CVSS5AI score0.00199EPSS

CVE•added 2018/03/20 9:29 p.m.•31 views

CVE-2015-7460

5.4CVSS5AI score0.00129EPSS

CVE•added 2016/11/30 11:59 a.m.•31 views

CVE-2016-3002

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device.

2.1CVSS3.5AI score0.00063EPSS