Vulnerability Description
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
CVSS Score
3.7
LOW
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Connections | 4.0.0.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1LO90268Broken Link
- http://www-01.ibm.com/support/docview.wss?uid=swg1LO90295Broken Link
- http://www-01.ibm.com/support/docview.wss?uid=swg21990888PatchVendor Advisory
- http://www.securityfocus.com/bid/94415Third Party AdvisoryVDB Entry
- http://www-01.ibm.com/support/docview.wss?uid=swg1LO90268Broken Link
- http://www-01.ibm.com/support/docview.wss?uid=swg1LO90295Broken Link
- http://www-01.ibm.com/support/docview.wss?uid=swg21990888PatchVendor Advisory
- http://www.securityfocus.com/bid/94415Third Party AdvisoryVDB Entry
FAQ
What is CVE-2016-2953?
CVE-2016-2953 is a vulnerability with a CVSS score of 3.7 (LOW). IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
How severe is CVE-2016-2953?
CVE-2016-2953 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-2953?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Connections.