Vulnerabilities > IBM > Connections > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-06-14 CVE-2019-4403 Cross-site Scripting vulnerability in IBM Connections 6.0
IBM Connections 6.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2018-12-07 CVE-2018-1896 Injection vulnerability in IBM Connections 5.0/5.5/6.0
IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain.
network
low complexity
ibm CWE-74
5.4
2018-12-06 CVE-2018-1935 Information Exposure vulnerability in IBM Connections 5.0/5.5/6.0
IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages.
network
low complexity
ibm CWE-200
4.3
2018-09-14 CVE-2018-1791 Improper Input Validation vulnerability in IBM Connections 5.0/5.5/6.0
IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property.
network
high complexity
ibm CWE-20
4.9
2018-06-04 CVE-2017-1748 Open Redirect vulnerability in IBM Connections 5.0.0.0/5.5.0.0/6.0
IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
low complexity
ibm CWE-601
6.1
2018-03-20 CVE-2015-7461 XXE vulnerability in IBM Connections
XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data.
network
low complexity
ibm CWE-611
6.5
2018-03-20 CVE-2015-7460 Cross-site Scripting vulnerability in IBM Connections
Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
5.4
2018-03-20 CVE-2015-7459 Cross-site Scripting vulnerability in IBM Connections
Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
5.4
2018-03-20 CVE-2015-7458 Cross-site Scripting vulnerability in IBM Connections
Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
5.4
2018-02-14 CVE-2017-1682 Cross-site Scripting vulnerability in IBM Connections
IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4