Vulnerabilities > IBM > Connections > 6.0

DATE CVE VULNERABILITY TITLE RISK
2019-06-14 CVE-2019-4403 Cross-site Scripting vulnerability in IBM Connections 6.0
IBM Connections 6.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2018-12-07 CVE-2018-1896 Injection vulnerability in IBM Connections 5.0/5.5/6.0
IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain.
network
ibm CWE-74
3.5
3.5
2018-12-06 CVE-2018-1935 Information Exposure vulnerability in IBM Connections 5.0/5.5/6.0
IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages.
network
low complexity
ibm CWE-200
4.0
4.0
2018-09-14 CVE-2018-1791 Improper Input Validation vulnerability in IBM Connections 5.0/5.5/6.0
IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property.
network
ibm CWE-20
4.9
4.9
2018-06-04 CVE-2017-1748 Open Redirect vulnerability in IBM Connections 5.0.0.0/5.5.0.0/6.0
IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
ibm CWE-601
5.8
5.8
2018-02-14 CVE-2017-1682 Cross-site Scripting vulnerability in IBM Connections
IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2017-12-11 CVE-2017-1613 Information Exposure vulnerability in IBM Connections 6.0
IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data.
network
low complexity
ibm CWE-200
5.0
5.0