Описание
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
Ссылки
- Broken Link
- Broken Link
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Broken Link
- Broken Link
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:connections:4.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:connections:4.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:connections:5.0.0.0:*:*:*:*:*:*:*
EPSS
Процентиль: 47%
0.0024
Низкий
3.7 Low
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-310
Связанные уязвимости
CVSS3: 3.7
github
больше 3 лет назад
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
EPSS
Процентиль: 47%
0.0024
Низкий
3.7 Low
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-310