CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2010-2278

The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 70.8%

CVSS Severity

CVSS v2 Score 4.0

References

http://secunia.com/advisories/40007
http://www-01.ibm.com/support/docview.wss?uid=swg21431472
http://www-1.ibm.com/support/docview.wss?uid=swg1LO47429
http://www-1.ibm.com/support/docview.wss?uid=swg1LO47496
http://www-1.ibm.com/support/docview.wss?uid=swg1LO47501
http://www-1.ibm.com/support/docview.wss?uid=swg1LO47610
http://www-1.ibm.com/support/docview.wss?uid=swg1LO47642
http://www-1.ibm.com/support/docview.wss?uid=swg1LO47669
http://www.vupen.com/english/advisories/2010/1281
http://secunia.com/advisories/40007
http://www-01.ibm.com/support/docview.wss?uid=swg21431472
http://www-1.ibm.com/support/docview.wss?uid=swg1LO47429
http://www-1.ibm.com/support/docview.wss?uid=swg1LO47496
http://www-1.ibm.com/support/docview.wss?uid=swg1LO47501
http://www-1.ibm.com/support/docview.wss?uid=swg1LO47610
http://www-1.ibm.com/support/docview.wss?uid=swg1LO47642
http://www-1.ibm.com/support/docview.wss?uid=swg1LO47669
http://www.vupen.com/english/advisories/2010/1281

Products affected by CVE-2010-2278

Ibm » Lotus Connections » Version: 2.5.0

cpe:2.3:a:ibm:lotus_connections:2.5.0
Ibm » Lotus Connections » Version: 2.5.0.1

cpe:2.3:a:ibm:lotus_connections:2.5.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-2278

Products

Pricing

Contact Us