Vulnerabilities > IBM > Connections > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-14 | CVE-2019-4403 | Cross-site Scripting vulnerability in IBM Connections 6.0 IBM Connections 6.0 is vulnerable to cross-site scripting. | 5.4 |
2018-12-07 | CVE-2018-1896 | Injection vulnerability in IBM Connections 5.0/5.5/6.0 IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. | 5.4 |
2018-12-06 | CVE-2018-1935 | Information Exposure vulnerability in IBM Connections 5.0/5.5/6.0 IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages. | 4.3 |
2018-09-14 | CVE-2018-1791 | Improper Input Validation vulnerability in IBM Connections 5.0/5.5/6.0 IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. | 4.9 |
2018-06-04 | CVE-2017-1748 | Open Redirect vulnerability in IBM Connections 5.0.0.0/5.5.0.0/6.0 IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |
2018-03-20 | CVE-2015-7461 | XXE vulnerability in IBM Connections XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. | 6.5 |
2018-03-20 | CVE-2015-7460 | Cross-site Scripting vulnerability in IBM Connections Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
2018-03-20 | CVE-2015-7459 | Cross-site Scripting vulnerability in IBM Connections Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
2018-03-20 | CVE-2015-7458 | Cross-site Scripting vulnerability in IBM Connections Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
2018-02-14 | CVE-2017-1682 | Cross-site Scripting vulnerability in IBM Connections IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-site scripting. | 5.4 |