Back to search
CVE-2010-2278
Published: Jun 14, 2010
Modified: Sep 16, 2024
PUBLISHED
Description
The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2010-1281
vdb-entry
x_refsource_VUPEN
LO47496
vendor-advisory
x_refsource_AIXAPAR
LO47642
vendor-advisory
x_refsource_AIXAPAR
LO47669
vendor-advisory
x_refsource_AIXAPAR
LO47610
vendor-advisory
x_refsource_AIXAPAR
LO47501
vendor-advisory
x_refsource_AIXAPAR
40007
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21431472
x_refsource_CONFIRM
LO47429
vendor-advisory
x_refsource_AIXAPAR
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now