Ibm

Connections

45 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2017-1613

  • EPSS 0.32%
  • Published 11.12.2017 21:29:00
  • Last modified 20.04.2025 01:37:25

IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954.

5.4

CVE-2017-1498

  • EPSS 0.25%
  • Published 07.12.2017 15:29:01
  • Last modified 20.04.2025 01:37:25

IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessio...

5.4

CVE-2016-5932

  • EPSS 0.26%
  • Published 01.03.2017 21:59:00
  • Last modified 20.04.2025 01:37:25

IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...

5.4

CVE-2016-0310

  • EPSS 0.26%
  • Published 08.02.2017 22:59:00
  • Last modified 20.04.2025 01:37:25

IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain.

4.3

CVE-2016-0308

  • EPSS 0.19%
  • Published 08.02.2017 22:59:00
  • Last modified 20.04.2025 01:37:25

IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images.

4.3

CVE-2016-0307

  • EPSS 0.26%
  • Published 08.02.2017 22:59:00
  • Last modified 20.04.2025 01:37:25

IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses.

5.4

CVE-2016-0305

  • EPSS 0.17%
  • Published 08.02.2017 22:59:00
  • Last modified 20.04.2025 01:37:25

IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the secur...

5.4

CVE-2016-2955

  • EPSS 0.15%
  • Published 01.12.2016 11:59:01
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5

CVE-2016-3009

  • EPSS 0.04%
  • Published 30.11.2016 11:59:22
  • Last modified 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the Connections generic...

4.9

CVE-2016-3004

  • EPSS 0.07%
  • Published 30.11.2016 11:59:21
  • Last modified 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the set of available ap...