Vulnerabilities > IBM > Connections > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-12-11 | CVE-2017-1613 | Information Exposure vulnerability in IBM Connections 6.0 | IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. | network | low | ibm | CWE-200 | 5.3 |
| 2017-12-07 | CVE-2017-1498 | Cross-site Scripting vulnerability in IBM Connections 5.5.0.0 | IBM Connections 5.5 is vulnerable to cross-site scripting. | network | low | ibm | CWE-79 | 5.4 |
| 2017-03-01 | CVE-2016-5932 | Cross-site Scripting vulnerability in IBM Connections | IBM Connections 4.0, 4.5, 5.0, and 5.5 are vulnerable to cross-site scripting. | network | low | ibm | CWE-79 | 5.4 |
| 2017-02-08 | CVE-2016-0310 | Cross-site Scripting vulnerability in IBM Connections | IBM Connections 5.5 and earlier is vulnerable to a possible host header injection attack that could cause navigation to the attacker's domain. | network | low | ibm | CWE-79 | 5.4 |
| 2017-02-08 | CVE-2016-0308 | Improper Access Control vulnerability in IBM Connections | IBM Connections 5.5 and earlier is vulnerable to a possible link manipulation attack that could result in the display of inappropriate background images. | network | low | ibm | CWE-284 | 4.3 |
| 2017-02-08 | CVE-2016-0307 | Information Exposure vulnerability in IBM Connections | IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses. | network | low | ibm | CWE-200 | 4.3 |
| 2017-02-08 | CVE-2016-0305 | Cross-site Scripting vulnerability in IBM Connections | IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. | network | low | ibm | CWE-79 | 5.4 |
| 2016-12-01 | CVE-2016-2955 | Cross-site Scripting vulnerability in IBM Connections 5.0.0.0/5.5.0.0 | Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | network | low | ibm | CWE-79 | 5.4 |
| 2016-11-30 | CVE-2016-3004 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Connections 4.0.0.0/4.5.0.0/5.0.0.0 | Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the set of available applications. | network | low | ibm | CWE-352 | 4.6 |
| 2016-11-30 | CVE-2016-2958 | Information Exposure vulnerability in IBM Connections 4.0.0.0/4.5.0.0/5.0.0.0 | IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading an "archaic" e-mail address in a response. | network | low | ibm | CWE-200 | 4.3 |