Lucene search
+L
IbmLotus Connections

14 matches found

CVE
CVE
added 2010/06/14 7:0 p.m.60 views

CVE-2010-2279

The CVE-2010-2279 entry documents a flaw in IBM Lotus Connections 2.5.x before 2.5.0.2 where the Top Updates implementation in the Homepage component uses http links when forced SSL is enabled. The underlying impact and exploitation are described as unspecified in the sources. The Red Hat, NVD, a...

7.6CVSS6.7AI score0.01265EPSS
CVE
CVE
added 2008/10/31 5:18 p.m.56 views

CVE-2008-4806

IBM Lotus Connections 2.x is affected by multiple SQL injection vulnerabilities in unspecified components, exploitable via the sortField parameter to allow remote execution of arbitrary SQL commands. Impact includes potential data exposure or modification with partial confidentiality/integrity/av...

7.5CVSS8.1AI score0.01063EPSS
CVE
CVE
added 2008/10/31 5:18 p.m.52 views

CVE-2008-4807

IBM Lotus Connections 2.x before 2.0.1 stores the administrator password in the trace.log file, enabling local users to read sensitive information. Affects Lotus Connections; impact: partial confidentiality loss. Exploitation details and remediation are not provided in the supplied documents.

2.1CVSS5.8AI score0.003EPSS
CVE
CVE
added 2010/06/14 7:0 p.m.51 views

CVE-2010-2277

CVE-2010-2277 affects IBM Lotus Connections 2.5.x before 2.5.0.2. The vulnerability involves multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via (1) the create or (2) edit form in the Communities component, (3) the verbiage field in the...

4.3CVSS5.7AI score0.01223EPSS
CVE
CVE
added 2010/06/14 7:0 p.m.51 views

CVE-2010-2278

The vulnerability CVE-2010-2278 affects IBM Lotus Connections 2.5.x prior to 2.5.0.2, where the bookmarklet pop-up in the Bookmarks component does not properly enforce the force SSL setting. This could allow remote attackers to sniff or MITM network traffic or spoof arbitrary servers. Impact is p...

4CVSS6.6AI score0.01417EPSS
CVE
CVE
added 2011/02/14 9:0 p.m.51 views

CVE-2011-1030

The CVE-2011-1030 entry affects IBM Lotus Connections 3.0, specifically the Wikis component. The vulnerability is a cross-site scripting (XSS) flaw that lets remote attackers inject arbitrary web script or HTML via vectors related to the “Confirm New Page scene.” The connected sources confirm the...

4.3CVSS5.6AI score0.01053EPSS
CVE
CVE
added 2011/02/14 11:0 p.m.50 views

CVE-2011-1032

CVE-2011-1032 affects IBM Lotus Connections 3.0 when used with IBM WebSphere Application Server 7.0.0.11. The vulnerability is that access to the internal login module is not properly restricted. The description provides the affected product/version and the component involved (internal login modu...

6.8CVSS6.6AI score0.01442EPSS
CVE
CVE
added 2013/04/23 10:0 a.m.50 views

CVE-2013-0503

The vulnerability (CVE-2013-0503) affects IBM Lotus Connections, Bookmarks component, and is a cross‑site scripting (XSS) flaw. It exists in versions prior to 4.0 CR3. The exploitation path is described as via unspecified vectors. In practice, the impact is arbitrary script/HTML execution in the ...

4.3CVSS5.7AI score0.01148EPSS
CVE
CVE
added 2009/09/29 7:0 p.m.49 views

CVE-2009-3469

CVE-2009-3469 describes a cross-site scripting (XSS) vulnerability in IBM Lotus Connections 2.0.1, specifically in the component profiles/html/simpleSearch.do via the name parameter. The issue allows remote attackers to inject arbitrary web script or HTML. The public descriptions consistently cit...

4.3CVSS5.6AI score0.03748EPSS
Web
CVE
CVE
added 2010/06/14 7:0 p.m.49 views

CVE-2010-2280

CVE-2010-2280 describes an open redirect vulnerability in the Mobile component of IBM Lotus Connections 2.5.x when not updated to 2.5.0.2 . The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attempts via unspecified vectors, related to the module’s “mo...

4.3CVSS6.8AI score0.01039EPSS
CVE
CVE
added 2008/10/31 5:18 p.m.48 views

CVE-2008-4808

IBM Lotus Connections 2.x before 2.0.1 is affected by a vulnerability that allows attackers to discover passwords via unspecified vectors. The provided documents do not specify the exact vectors, root cause, affected components, or remediation details. Users should monitor for official updates fo...

5CVSS6.1AI score0.01043EPSS
CVE
CVE
added 2008/10/31 5:18 p.m.46 views

CVE-2008-4805

CVE-2008-4805 concerns multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 . The issues allow remote attackers to inject arbitrary web script or HTML via (1) the community title, (2) API input, and vectors related to the (3) Homepage, (4) Blogs, (5) Profi...

4.3CVSS5.5AI score0.01223EPSS
CVE
CVE
added 2008/10/31 5:18 p.m.46 views

CVE-2008-4809

Technical details for CVE-2008-4809 are not publicly available in the provided documents. No concrete affected products/versions or exploits are listed. Monitor for updates.

10CVSS6.3AI score0.01495EPSS
CVE
CVE
added 2009/10/28 10:0 a.m.43 views

CVE-2009-3816

CVE-2009-3816 describes multiple cross-site scripting (XSS) vulnerabilities in the Mobile subsystem’s Activities pages of IBM Lotus Connections 2.5.0.0. The flaws allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Connected sourcesconfirm the affected product a...

4.3CVSS5.6AI score0.01022EPSS