Vulnerabilities > IBM > Connections > 5.5.0.0

DATE CVE VULNERABILITY TITLE RISK
2018-06-04 CVE-2017-1748 Open Redirect vulnerability in IBM Connections 5.0.0.0/5.5.0.0/6.0
IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
low complexity
ibm CWE-601
6.1
6.1
2017-12-07 CVE-2017-1498 Cross-site Scripting vulnerability in IBM Connections 5.5.0.0
IBM Connections 5.5 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2017-03-01 CVE-2016-5932 Cross-site Scripting vulnerability in IBM Connections
IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2017-02-08 CVE-2016-0310 Cross-site Scripting vulnerability in IBM Connections
IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain.
network
low complexity
ibm CWE-79
5.4
5.4
2017-02-08 CVE-2016-0308 Improper Access Control vulnerability in IBM Connections
IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images.
network
low complexity
ibm CWE-284
4.3
4.3
2017-02-08 CVE-2016-0307 Information Exposure vulnerability in IBM Connections
IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses.
network
low complexity
ibm CWE-200
4.3
4.3
2017-02-08 CVE-2016-0305 Cross-site Scripting vulnerability in IBM Connections
IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input.
network
low complexity
ibm CWE-79
5.4
5.4
2016-12-01 CVE-2016-2955 Cross-site Scripting vulnerability in IBM Connections 5.0.0.0/5.5.0.0
Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
5.4
5.4
2016-09-26 CVE-2016-3007 Cross-Site Request Forgery (CSRF) vulnerability in IBM Connections
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users.
network
low complexity
ibm CWE-352
8.8
8.8
2016-09-26 CVE-2016-3006 Cross-site Scripting vulnerability in IBM Connections
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3003.
network
low complexity
ibm CWE-79
5.4
5.4