Design/Logic Flaw

2010-06-1514:30:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.1%

JSON

The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when “forced SSL” is enabled, uses http for links, which has unspecified impact and remote attack vectors.

CPENameOperatorVersion
lotus_connectionseq2.5.0.1
lotus_connectionseq2.5.0

CPE	Name	Operator	Version
	lotus_connections	eq	2.5.0.1
	lotus_connections	eq	2.5.0

References

secunia.com/advisories/40007

www-01.ibm.com/support/docview.wss?uid=swg21431472

www-1.ibm.com/support/docview.wss?uid=swg1LO48325

www.vupen.com/english/advisories/2010/1281