Lotus Connections@2.5.0 Security Vulnerabilities and Issues — Lotus Connections@2.5.0 CVE List

Lucene search

IbmLotus Connections2.5.0

4 matches found

CVE•added 2010/06/15 2:30 p.m.•50 views

CVE-2010-2279

The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when "forced SSL" is enabled, uses http for links, which has unspecified impact and remote attack vectors.

7.6CVSS6.7AI score0.00483EPSS

CVE•added 2010/06/15 2:30 p.m.•37 views

CVE-2010-2277

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) create or (2) edit form in the Communities component, the (3) verbiage field in the Bookmarks component, or (4) unspecified vec...

4.3CVSS5.7AI score0.00463EPSS

CVE•added 2010/06/15 2:30 p.m.•37 views

CVE-2010-2278

The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via ...

4CVSS6.6AI score0.00688EPSS

CVE•added 2010/06/15 2:30 p.m.•37 views

CVE-2010-2280

Open redirect vulnerability in the Mobile component in IBM Lotus Connections 2.5.x before 2.5.0.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "mobile edit actions," aka SPR ASRE83PPVH.

4.3CVSS6.8AI score0.00246EPSS