Vulnerabilities > IBM > Connections > 4.5.0.0

DATE CVE VULNERABILITY TITLE RISK
2018-03-20 CVE-2015-7461 XXE vulnerability in IBM Connections
XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data.
network
low complexity
ibm CWE-611
6.5
6.5
2018-03-20 CVE-2015-7460 Cross-site Scripting vulnerability in IBM Connections
Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
5.4
5.4
2018-03-20 CVE-2015-7459 Cross-site Scripting vulnerability in IBM Connections
Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
5.4
5.4
2018-03-20 CVE-2015-7458 Cross-site Scripting vulnerability in IBM Connections
Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
5.4
5.4
2017-02-08 CVE-2016-0310 Cross-site Scripting vulnerability in IBM Connections
IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain.
network
low complexity
ibm CWE-79
5.4
5.4
2017-02-08 CVE-2016-0308 Improper Access Control vulnerability in IBM Connections
IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images.
network
low complexity
ibm CWE-284
4.3
4.3
2017-02-08 CVE-2016-0307 Information Exposure vulnerability in IBM Connections
IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses.
network
low complexity
ibm CWE-200
4.3
4.3
2017-02-08 CVE-2016-0305 Cross-site Scripting vulnerability in IBM Connections
IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input.
network
low complexity
ibm CWE-79
5.4
5.4
2016-11-30 CVE-2016-3009 Cross-Site Request Forgery (CSRF) vulnerability in IBM Connections 4.0.0.0/4.5.0.0/5.0.0.0
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the Connections generic page.
network
low complexity
ibm CWE-352
3.5
3.5
2016-11-30 CVE-2016-3004 Cross-Site Request Forgery (CSRF) vulnerability in IBM Connections 4.0.0.0/4.5.0.0/5.0.0.0
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the set of available applications.
network
low complexity
ibm CWE-352
4.6
4.6