Vulnerability Description
The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Lotus Connections | 2.5.0 |
References
- http://secunia.com/advisories/40007Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21431472PatchVendor Advisory
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO47429
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO47496
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO47501
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO47610
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO47642
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO47669
- http://www.vupen.com/english/advisories/2010/1281Vendor Advisory
- http://secunia.com/advisories/40007Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21431472PatchVendor Advisory
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO47429
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO47496
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO47501
- http://www-1.ibm.com/support/docview.wss?uid=swg1LO47610
FAQ
What is CVE-2010-2278?
CVE-2010-2278 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obt...
How severe is CVE-2010-2278?
CVE-2010-2278 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2278?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Lotus Connections.