Ibm

Connections

45 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2019-4403

  • EPSS 0.16%
  • Published 14.06.2019 15:29:00
  • Last modified 21.11.2024 04:43:34

IBM Connections 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessio...

5.4

CVE-2018-1896

  • EPSS 0.16%
  • Published 07.12.2018 16:29:00
  • Last modified 21.11.2024 04:00:33

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456.

4.3

CVE-2018-1935

  • EPSS 0.17%
  • Published 06.12.2018 14:29:00
  • Last modified 21.11.2024 04:00:37

IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages. IBM X-Force ID: 153315.

4.9

CVE-2018-1791

  • EPSS 0.17%
  • Published 14.09.2018 12:29:00
  • Last modified 21.11.2024 04:00:22

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. By submitting suitable payloads, an attacker could exploit this vulnerability to induce the Connections se...

6.1

CVE-2017-1748

  • EPSS 0.13%
  • Published 04.06.2018 17:29:00
  • Last modified 21.11.2024 03:22:18

IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the ...

6.5

CVE-2015-7461

  • EPSS 0.4%
  • Published 20.03.2018 21:29:01
  • Last modified 21.11.2024 02:36:50

XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357.

5.4

CVE-2015-7460

  • EPSS 0.13%
  • Published 20.03.2018 21:29:01
  • Last modified 21.11.2024 02:36:49

Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108356.

5.4

CVE-2015-7459

  • EPSS 0.13%
  • Published 20.03.2018 21:29:00
  • Last modified 21.11.2024 02:36:49

Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108355.

5.4

CVE-2015-7458

  • EPSS 0.13%
  • Published 20.03.2018 21:29:00
  • Last modified 21.11.2024 02:36:49

Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108354.

5.4

CVE-2017-1682

  • EPSS 0.2%
  • Published 14.02.2018 15:29:00
  • Last modified 21.11.2024 03:22:12

IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...