4

CVE-2010-2278

The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmLotus Connections Version2.5.0
IbmLotus Connections Version2.5.0.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.42% 0.693
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 4.9 4.9
AV:N/AC:H/Au:N/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/40007
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21431472
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2010/1281
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1LO47429
http://www-1.ibm.com/support/docview.wss?uid=swg1LO47496
http://www-1.ibm.com/support/docview.wss?uid=swg1LO47501
http://www-1.ibm.com/support/docview.wss?uid=swg1LO47610
http://www-1.ibm.com/support/docview.wss?uid=swg1LO47642
http://www-1.ibm.com/support/docview.wss?uid=swg1LO47669