CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:N/AC:H/Au:N/C:P/I:P/A:N

AI Score Confidence: Low

EPSS Percentile: 72.4%

The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the “force SSL” setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | lotus_connections | 2.5.0 | cpe:2.3:a:ibm:lotus_connections:2.5.0:*:*:*:*:*:*:* |
ibm | lotus_connections | 2.5.0.1 | cpe:2.3:a:ibm:lotus_connections:2.5.0.1:*:*:*:*:*:*:* |
secunia.com/advisories/40007
www-01.ibm.com/support/docview.wss?uid=swg21431472
www-1.ibm.com/support/docview.wss?uid=swg1LO47429
www-1.ibm.com/support/docview.wss?uid=swg1LO47496
www-1.ibm.com/support/docview.wss?uid=swg1LO47501
www-1.ibm.com/support/docview.wss?uid=swg1LO47610
www-1.ibm.com/support/docview.wss?uid=swg1LO47642
www-1.ibm.com/support/docview.wss?uid=swg1LO47669
www.vupen.com/english/advisories/2010/1281