Lotus Mobile Connect
by IBM
CVEs (7)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2011-4465 | 0.00 | — | 0.00 | Nov 19, 2011 | Cross-site scripting (XSS) vulnerability in IBM Lotus Mobile Connect (LMC) 6.1.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden redirect URL. | ||
| CVE-2010-4595 | 0.00 | — | 0.00 | Dec 22, 2010 | The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services (HTTP-AS), which allows remote attackers to bypass intended access restrictions via an HTTP request that contains a disallowed User-Agent header. | ||
| CVE-2010-4594 | 0.00 | — | 0.01 | Dec 22, 2010 | The Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly process TCP connection requests, which allows remote attackers to cause a denial of service (memory consumption and HTTP-AS hang) by making many connection requests that trigger "queue size delta errors," related to a "timing hole" issue. | ||
| CVE-2010-4593 | 0.00 | — | 0.00 | Dec 22, 2010 | The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 does not properly maintain a certain reference count, which allows remote authenticated users to cause a denial of service (IP address exhaustion) by making invalid attempts to establish sessions with the same VPN ID from multiple devices. | ||
| CVE-2010-4592 | 0.00 | — | 0.01 | Dec 22, 2010 | The Mobile Network Connections functionality in the Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly handle failed attempts at establishing HTTP-TCP sessions, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) by making many TCP connection attempts. | ||
| CVE-2010-4591 | 0.00 | — | 0.00 | Dec 22, 2010 | The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a cookie domain mismatch. | ||
| CVE-2010-4590 | 0.00 | — | 0.00 | Dec 22, 2010 | Cross-site scripting (XSS) vulnerability in HTTP Access Services (HTTP-AS) in the Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
- CVE-2011-4465Nov 19, 2011risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in IBM Lotus Mobile Connect (LMC) 6.1.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden redirect URL.
- CVE-2010-4595Dec 22, 2010risk 0.00cvss —epss 0.00
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services (HTTP-AS), which allows remote attackers to bypass intended access restrictions via an HTTP request that contains a disallowed User-Agent header.
- CVE-2010-4594Dec 22, 2010risk 0.00cvss —epss 0.01
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly process TCP connection requests, which allows remote attackers to cause a denial of service (memory consumption and HTTP-AS hang) by making many connection requests that trigger "queue size delta errors," related to a "timing hole" issue.
- CVE-2010-4593Dec 22, 2010risk 0.00cvss —epss 0.00
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 does not properly maintain a certain reference count, which allows remote authenticated users to cause a denial of service (IP address exhaustion) by making invalid attempts to establish sessions with the same VPN ID from multiple devices.
- CVE-2010-4592Dec 22, 2010risk 0.00cvss —epss 0.01
The Mobile Network Connections functionality in the Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly handle failed attempts at establishing HTTP-TCP sessions, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) by making many TCP connection attempts.
- CVE-2010-4591Dec 22, 2010risk 0.00cvss —epss 0.00
The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a cookie domain mismatch.
- CVE-2010-4590Dec 22, 2010risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in HTTP Access Services (HTTP-AS) in the Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.