Vulnerabilities > IBM > Lotus Connections > 1.0.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-10-31 | CVE-2008-4808 | Information Exposure vulnerability in IBM Lotus Connections IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover passwords via unspecified vectors. | 5.0 |
2008-10-31 | CVE-2008-4807 | Credentials Management vulnerability in IBM Lotus Connections IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file. | 2.1 |
2008-10-31 | CVE-2008-4806 | SQL Injection vulnerability in IBM Lotus Connections Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via the sortField parameter to unspecified components. | 7.5 |
2008-10-31 | CVE-2008-4805 | Cross-Site Scripting vulnerability in IBM Lotus Connections Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the community title, (2) API input, and vectors related to the (3) Homepage, (4) Blogs, (5) Profiles, (6) Dogear, (7) Activities, and (8) Global Search components. | 4.3 |