14 matches found
CVE-2010-2279
The CVE-2010-2279 entry documents a flaw in IBM Lotus Connections 2.5.x before 2.5.0.2 where the Top Updates implementation in the Homepage component uses http links when forced SSL is enabled. The underlying impact and exploitation are described as unspecified in the sources. The Red Hat, NVD, a...
CVE-2008-4806
IBM Lotus Connections 2.x is affected by multiple SQL injection vulnerabilities in unspecified components, exploitable via the sortField parameter to allow remote execution of arbitrary SQL commands. Impact includes potential data exposure or modification with partial confidentiality/integrity/av...
CVE-2008-4807
IBM Lotus Connections 2.x before 2.0.1 stores the administrator password in the trace.log file, enabling local users to read sensitive information. Affects Lotus Connections; impact: partial confidentiality loss. Exploitation details and remediation are not provided in the supplied documents.
CVE-2010-2277
CVE-2010-2277 affects IBM Lotus Connections 2.5.x before 2.5.0.2. The vulnerability involves multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via (1) the create or (2) edit form in the Communities component, (3) the verbiage field in the...
CVE-2010-2278
The vulnerability CVE-2010-2278 affects IBM Lotus Connections 2.5.x prior to 2.5.0.2, where the bookmarklet pop-up in the Bookmarks component does not properly enforce the force SSL setting. This could allow remote attackers to sniff or MITM network traffic or spoof arbitrary servers. Impact is p...
CVE-2011-1030
The CVE-2011-1030 entry affects IBM Lotus Connections 3.0, specifically the Wikis component. The vulnerability is a cross-site scripting (XSS) flaw that lets remote attackers inject arbitrary web script or HTML via vectors related to the “Confirm New Page scene.” The connected sources confirm the...
CVE-2011-1032
CVE-2011-1032 affects IBM Lotus Connections 3.0 when used with IBM WebSphere Application Server 7.0.0.11. The vulnerability is that access to the internal login module is not properly restricted. The description provides the affected product/version and the component involved (internal login modu...
CVE-2013-0503
The vulnerability (CVE-2013-0503) affects IBM Lotus Connections, Bookmarks component, and is a cross‑site scripting (XSS) flaw. It exists in versions prior to 4.0 CR3. The exploitation path is described as via unspecified vectors. In practice, the impact is arbitrary script/HTML execution in the ...
CVE-2009-3469
CVE-2009-3469 describes a cross-site scripting (XSS) vulnerability in IBM Lotus Connections 2.0.1, specifically in the component profiles/html/simpleSearch.do via the name parameter. The issue allows remote attackers to inject arbitrary web script or HTML. The public descriptions consistently cit...
CVE-2010-2280
CVE-2010-2280 describes an open redirect vulnerability in the Mobile component of IBM Lotus Connections 2.5.x when not updated to 2.5.0.2 . The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attempts via unspecified vectors, related to the module’s “mo...
CVE-2008-4808
IBM Lotus Connections 2.x before 2.0.1 is affected by a vulnerability that allows attackers to discover passwords via unspecified vectors. The provided documents do not specify the exact vectors, root cause, affected components, or remediation details. Users should monitor for official updates fo...
CVE-2008-4805
CVE-2008-4805 concerns multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 . The issues allow remote attackers to inject arbitrary web script or HTML via (1) the community title, (2) API input, and vectors related to the (3) Homepage, (4) Blogs, (5) Profi...
CVE-2008-4809
Technical details for CVE-2008-4809 are not publicly available in the provided documents. No concrete affected products/versions or exploits are listed. Monitor for updates.
CVE-2009-3816
CVE-2009-3816 describes multiple cross-site scripting (XSS) vulnerabilities in the Mobile subsystem’s Activities pages of IBM Lotus Connections 2.5.0.0. The flaws allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Connected sourcesconfirm the affected product a...