Ibm: >> Lotus Connections >> 1.0.1.0 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in the Bookmarks component in IBM Lotus Connections before 4.0 CR3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.003
Published
2013-04-23
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the community title, (2) API input, and vectors related to the (3) Homepage, (4) Blogs, (5) Profiles, (6) Dogear, (7) Activities, and (8) Global Search components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
4.3
EPSS Score
0.004
Published
2008-10-31
Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via the sortField parameter to unspecified components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
7.5
EPSS Score
0.004
Published
2008-10-31
IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
2.1
EPSS Score
0.001
Published
2008-10-31
IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover passwords via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
5.0
EPSS Score
0.003
Published
2008-10-31