Connections@5.5.0.0 Security Vulnerabilities and Issues — Connections@5.5.0.0 CVE List

Lucene search

IbmConnections5.5.0.0

22 matches found

CVE•added 2018/06/04 5:29 p.m.•51 views

CVE-2017-1748

IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious W...

6.8CVSS5.8AI score0.0013EPSS

CVE•added 2016/09/26 4:59 a.m.•42 views

CVE-2016-3007

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users.

8.8CVSS8.4AI score0.00115EPSS

CVE•added 2016/09/26 4:59 a.m.•41 views

CVE-2016-3003

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3006.

5.4CVSS5AI score0.00199EPSS

CVE•added 2017/02/08 10:59 p.m.•40 views

CVE-2016-0305

IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL...

5.4CVSS5.5AI score0.00165EPSS

CVE•added 2016/09/01 10:59 a.m.•39 views

CVE-2016-3005

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-299...

5.4CVSS4.9AI score0.00199EPSS

CVE•added 2017/12/07 3:29 p.m.•39 views

CVE-2017-1498

IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129020.

5.4CVSS5.2AI score0.0025EPSS

CVE•added 2016/12/01 11:59 a.m.•38 views

CVE-2016-2955

Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

5.4CVSS4.9AI score0.00154EPSS

CVE•added 2017/03/01 9:59 p.m.•38 views

CVE-2016-5932

IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998294.

5.4CVSS5.2AI score0.00258EPSS

CVE•added 2016/09/01 10:59 a.m.•37 views

CVE-2016-2954

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2956 and CVE-2016-3008.

5.4CVSS5AI score0.00168EPSS

CVE•added 2016/09/26 4:59 a.m.•37 views

CVE-2016-3000

The help service in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to cause a denial of service (service degradation) via a crafted URL.

4.3CVSS4.3AI score0.0042EPSS

CVE•added 2017/02/08 10:59 p.m.•36 views

CVE-2016-0310

IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain.

5.4CVSS5.6AI score0.00258EPSS

CVE•added 2016/09/01 10:59 a.m.•36 views

CVE-2016-3010

5.4CVSS4.9AI score0.00199EPSS

CVE•added 2016/09/26 4:59 a.m.•35 views

CVE-2016-3006

5.4CVSS5AI score0.00199EPSS

CVE•added 2016/09/01 10:59 a.m.•35 views

CVE-2016-3008

5.4CVSS5AI score0.00168EPSS

CVE•added 2017/02/08 10:59 p.m.•34 views

CVE-2016-0308

IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images.

4.3CVSS4.5AI score0.00188EPSS

CVE•added 2016/09/01 10:59 a.m.•34 views

CVE-2016-2956

5.4CVSS5AI score0.00168EPSS

CVE•added 2016/09/01 10:59 a.m.•34 views

CVE-2016-2995

5.4CVSS4.9AI score0.00199EPSS

CVE•added 2017/02/08 10:59 p.m.•32 views

CVE-2016-0307

IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses.

4.3CVSS4.4AI score0.00264EPSS

CVE•added 2016/06/30 1:59 a.m.•32 views

CVE-2016-0322

Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 through CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML by uploading an HTML document.

5.4CVSS5AI score0.00168EPSS

CVE•added 2016/09/01 10:59 a.m.•32 views

CVE-2016-2997

5.4CVSS4.9AI score0.00199EPSS

CVE•added 2016/09/01 10:59 a.m.•32 views

CVE-2016-2998

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update data.

3.5CVSS4.3AI score0.00048EPSS

CVE•added 2016/09/26 4:59 a.m.•32 views

CVE-2016-3001

5.4CVSS5AI score0.00199EPSS