Описание
The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.
Ссылки
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:lotus_connections:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_connections:2.5.0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00688
Низкий
4 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.
EPSS
Процентиль: 71%
0.00688
Низкий
4 Medium
CVSS2
Дефекты
NVD-CWE-Other