Lucene search

[email protected]CVE-2010-2279

HistoryOct 03, 2022 - 4:21 p.m.

CVE-2010-2279

2022-10-0316:21:07

[email protected]

web.nvd.nist.gov

ibm

lotus connections

homepage component

cve-2010-2279

security

update

ssl

remote attack vectors

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.1%

JSON

The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when “forced SSL” is enabled, uses http for links, which has unspecified impact and remote attack vectors.

Affected configurations

NVD

Node

ibmlotus_connectionsMatch2.5.0

ibmlotus_connectionsMatch2.5.0.1

CPENameOperatorVersion
ibm:lotus_connectionsibm lotus connectionseq2.5.0
ibm:lotus_connectionsibm lotus connectionseq2.5.0.1

CPE	Name	Operator	Version
ibm:lotus_connections	ibm lotus connections	eq	2.5.0
ibm:lotus_connections	ibm lotus connections	eq	2.5.0.1

References

secunia.com/advisories/40007

www-01.ibm.com/support/docview.wss?uid=swg21431472

www-1.ibm.com/support/docview.wss?uid=swg1LO48325

www.vupen.com/english/advisories/2010/1281

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.1%

JSON

Related for CVE-2010-2279

prion1 nvd1 cvelist1