Vulnerabilities > IBM > Lotus Connections > 2.5.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-06-15 | CVE-2010-2280 | Remote Security vulnerability in Lotus Connections 2.5.0/2.5.0.1 Open redirect vulnerability in the Mobile component in IBM Lotus Connections 2.5.x before 2.5.0.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "mobile edit actions," aka SPR ASRE83PPVH. network ibm | 4.3 |
2010-06-15 | CVE-2010-2279 | Remote Security vulnerability in Lotus Connections 2.5.0/2.5.0.1 The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when "forced SSL" is enabled, uses http for links, which has unspecified impact and remote attack vectors. | 7.6 |
2010-06-15 | CVE-2010-2278 | Remote Security vulnerability in Lotus Connections 2.5.0/2.5.0.1 The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack. | 4.0 |
2010-06-15 | CVE-2010-2277 | Cross-Site Scripting vulnerability in IBM Lotus Connections 2.5.0/2.5.0.1 Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) create or (2) edit form in the Communities component, the (3) verbiage field in the Bookmarks component, or (4) unspecified vectors related to the Mobile Blogs component. | 4.3 |