Ibm

Connections

45 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2017-1613

  • EPSS 0.32%
  • Veröffentlicht 11.12.2017 21:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954.

5.4

CVE-2017-1498

  • EPSS 0.25%
  • Veröffentlicht 07.12.2017 15:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessio...

5.4

CVE-2016-5932

  • EPSS 0.26%
  • Veröffentlicht 01.03.2017 21:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...

5.4

CVE-2016-0310

  • EPSS 0.26%
  • Veröffentlicht 08.02.2017 22:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain.

4.3

CVE-2016-0308

  • EPSS 0.19%
  • Veröffentlicht 08.02.2017 22:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images.

4.3

CVE-2016-0307

  • EPSS 0.26%
  • Veröffentlicht 08.02.2017 22:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses.

5.4

CVE-2016-0305

  • EPSS 0.17%
  • Veröffentlicht 08.02.2017 22:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the secur...

5.4

CVE-2016-2955

  • EPSS 0.15%
  • Veröffentlicht 01.12.2016 11:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5

CVE-2016-3009

  • EPSS 0.04%
  • Veröffentlicht 30.11.2016 11:59:22
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the Connections generic...

4.9

CVE-2016-3004

  • EPSS 0.07%
  • Veröffentlicht 30.11.2016 11:59:21
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the set of available ap...