Vulnerabilities > IBM > Connections > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-14 | CVE-2019-4403 | Cross-site Scripting vulnerability in IBM Connections 6.0 IBM Connections 6.0 is vulnerable to cross-site scripting. | 5.4 |
| 2018-12-06 | CVE-2018-1935 | Information Exposure vulnerability in IBM Connections 5.0/5.5/6.0 IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages. | 4.0 |
| 2018-09-14 | CVE-2018-1791 | Improper Input Validation vulnerability in IBM Connections 5.0/5.5/6.0 IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. | 4.9 |
| 2018-06-04 | CVE-2017-1748 | Open Redirect vulnerability in IBM Connections 5.0.0.0/5.5.0.0/6.0 IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 5.8 |
| 2018-03-20 | CVE-2015-7461 | Resource Management Errors vulnerability in IBM Connections XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. | 4.0 |
| 2017-12-11 | CVE-2017-1613 | Information Exposure vulnerability in IBM Connections 6.0 IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. | 5.0 |
| 2017-02-08 | CVE-2016-0308 | Improper Access Control vulnerability in IBM Connections IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images. | 4.0 |
| 2017-02-08 | CVE-2016-0307 | Information Exposure vulnerability in IBM Connections IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses. | 4.0 |
| 2016-11-30 | CVE-2016-3004 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Connections 4.0.0.0/4.5.0.0/5.0.0.0 Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the set of available applications. | 4.9 |
| 2016-11-30 | CVE-2016-2958 | Information Exposure vulnerability in IBM Connections 4.0.0.0/4.5.0.0/5.0.0.0 IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading an "archaic" e-mail address in a response. | 4.0 |