Connections

by IBM

CVEs (71)

  • CVE-2016-3002 · Low · Nov 30, 2016
    risk 0.14 · cvss 2.1 · epss 0.00

    IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device.

  • CVE-2009-3469 · Sep 29, 2009
    risk 0.03 · cvss · epss 0.04

    Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch.do in IBM Lotus Connections 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.

  • CVE-2024-30112 · Jun 25, 2024
    risk 0.00 · cvss · epss 0.00

    HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based…

  • CVE-2023-37541 · Jun 25, 2024
    risk 0.00 · cvss · epss 0.00

    HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios.

  • CVE-2024-30107 · Apr 18, 2024
    risk 0.00 · cvss · epss 0.00

    HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios.

  • CVE-2024-23557 · Apr 18, 2024
    risk 0.00 · cvss · epss 0.00

    HCL Connections contains a user enumeration vulnerability. Certain actions could allow an attacker to determine if the user is valid or not, leading to a possible brute force attack.

  • CVE-2023-28022 · Dec 15, 2023
    risk 0.00 · cvss · epss 0.01

    HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.

  • CVE-2023-28017 · Dec 7, 2023
    risk 0.00 · cvss · epss 0.00

    HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the…

  • CVE-2021-27746 · Oct 21, 2021
    risk 0.00 · cvss · epss 0.00

    "HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability"

  • CVE-2020-4085 · Apr 22, 2020
    risk 0.00 · cvss · epss 0.01

    "HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace to a local user."

  • CVE-2020-4084 · Mar 9, 2020
    risk 0.00 · cvss · epss 0.01

    HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2020-4082 · Mar 5, 2020
    risk 0.00 · cvss · epss 0.01

    The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security…

  • CVE-2020-4083 · Mar 5, 2020
    risk 0.00 · cvss · epss 0.00

    HCL Connections 6.5 is vulnerable to possible information leakage. Connections could disclose sensitive information via trace logs to a local user.

  • CVE-2019-4403 · Jun 14, 2019
    risk 0.00 · cvss · epss 0.01

    IBM Connections 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162264.

  • CVE-2018-1896 · Dec 7, 2018
    risk 0.00 · cvss · epss 0.01

    IBM Connections 5.0, 5.5, and 6.0 are vulnerable to a possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456.

  • CVE-2018-1935 · Dec 6, 2018
    risk 0.00 · cvss · epss 0.01

    IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages. IBM X-Force ID: 153315.

  • CVE-2014-0929 · Jun 8, 2014
    risk 0.00 · cvss · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that trigger follow actions.

  • CVE-2013-0569 · Apr 27, 2013
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Communities component in IBM Connections 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-0503 · Apr 23, 2013
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Bookmarks component in IBM Lotus Connections before 4.0 CR3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2011-1032 · Feb 15, 2011
    risk 0.00 · cvss · epss 0.01

    IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors.