CVE-2010-2278
First published: Tue Jun 15 2010(Updated: )
The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Lotus Connections | =2.5.0.1 | |
| IBM Lotus Connections | =2.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO47669
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO47496
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO47429
- http://www.vupen.com/english/advisories/2010/1281
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO47501
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO47610
- http://secunia.com/advisories/40007
- http://www-01.ibm.com/support/docview.wss?uid=swg21431472
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO47642
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/type
- agent/softwarecombine
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm lotus connections
- version/ibm lotus connections/2.5.0.1
- version/ibm lotus connections/2.5.0