Connections
by IBM
CVEs (71)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-3002 | | Low | 0.14 | 2.1 | 0.00 | | Nov 30, 2016 | IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device. |
| CVE-2009-3469 | | | 0.03 | — | 0.04 | | Sep 29, 2009 | Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch.do in IBM Lotus Connections 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. |
| CVE-2024-30112 | | | 0.00 | — | 0.00 | | Jun 25, 2024 | HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based… |
| CVE-2023-37541 | | | 0.00 | — | 0.00 | | Jun 25, 2024 | HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios. |
| CVE-2024-30107 | | | 0.00 | — | 0.00 | | Apr 18, 2024 | HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios. |
| CVE-2024-23557 | | | 0.00 | — | 0.00 | | Apr 18, 2024 | HCL Connections contains a user enumeration vulnerability. Certain actions could allow an attacker to determine if the user is valid or not, leading to a possible brute force attack. |
| CVE-2023-28022 | | | 0.00 | — | 0.01 | | Dec 15, 2023 | HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. |
| CVE-2023-28017 | | | 0.00 | — | 0.00 | | Dec 7, 2023 | HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the… |
| CVE-2021-27746 | | | 0.00 | — | 0.00 | | Oct 21, 2021 | "HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability" |
| CVE-2020-4085 | | | 0.00 | — | 0.01 | | Apr 22, 2020 | "HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace to a local user." |
| CVE-2020-4084 | | | 0.00 | — | 0.01 | | Mar 9, 2020 | HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
| CVE-2020-4082 | | | 0.00 | — | 0.01 | | Mar 5, 2020 | The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security… |
| CVE-2020-4083 | | | 0.00 | — | 0.00 | | Mar 5, 2020 | HCL Connections 6.5 is vulnerable to possible information leakage. Connections could disclose sensitive information via trace logs to a local user. |
| CVE-2019-4403 | | | 0.00 | — | 0.01 | | Jun 14, 2019 | IBM Connections 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162264. |
| CVE-2018-1896 | | | 0.00 | — | 0.01 | | Dec 7, 2018 | IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456. |
| CVE-2018-1935 | | | 0.00 | — | 0.01 | | Dec 6, 2018 | IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages. IBM X-Force ID: 153315. |
| CVE-2014-0929 | | | 0.00 | — | 0.01 | | Jun 8, 2014 | Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that trigger follow actions. |
| CVE-2013-0569 | | | 0.00 | — | 0.01 | | Apr 27, 2013 | Cross-site scripting (XSS) vulnerability in the Communities component in IBM Connections 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-0503 | | | 0.00 | — | 0.01 | | Apr 23, 2013 | Cross-site scripting (XSS) vulnerability in the Bookmarks component in IBM Lotus Connections before 4.0 CR3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2011-1032 | | | 0.00 | — | 0.01 | | Feb 15, 2011 | IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors. |