CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7460
https://notcve.org/view.php?id=CVE-2015-7460
Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108356. Vulnerabilidad de Cross-Site Scripting (XSS) en las versiones 3.0.1.1 y anteriores, 4.0, 4.5 y versiones 5.0 anteriores a CR4 de 3.0.1.1 de IBM Connections permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. IBM X-Force ID: 108356. • http://www-01.ibm.com/support/docview.wss?uid=swg21980518 https://exchange.xforce.ibmcloud.com/vulnerabilities/108356 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7458
https://notcve.org/view.php?id=CVE-2015-7458
Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108354. Vulnerabilidad de Cross-Site Scripting (XSS) en las versiones 3.0.1.1 y anteriores, 4.0, 4.5 y versiones 5.0 anteriores a CR4 de 3.0.1.1 de IBM Connections permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. IBM X-Force ID: 108354. • http://www-01.ibm.com/support/docview.wss?uid=swg21980518 https://exchange.xforce.ibmcloud.com/vulnerabilities/108354 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7459
https://notcve.org/view.php?id=CVE-2015-7459
Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108355. Vulnerabilidad de Cross-Site Scripting (XSS) en las versiones 3.0.1.1 y anteriores, 4.0, 4.5 y versiones 5.0 anteriores a CR4 de 3.0.1.1 de IBM Connections permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. IBM X-Force ID: 108355. • http://www-01.ibm.com/support/docview.wss?uid=swg21980518 https://exchange.xforce.ibmcloud.com/vulnerabilities/108355 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7461
https://notcve.org/view.php?id=CVE-2015-7461
XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357. Vulnerabilidad de XEE (XML External Entity) en las versiones 3.0.1.1 y anteriores, 4.0, 4.5 y versiones 5.0 anteriores a CR4 de 3.0.1.1 de IBM Connections permite que usuarios autenticados remotos provoquen una denegación de servicio (consumo de memoria) mediante datos XML manipulados. IBM X-Force ID: 108357. • http://www-01.ibm.com/support/docview.wss?uid=swg21980518 https://exchange.xforce.ibmcloud.com/vulnerabilities/108357 • CWE-399: Resource Management Errors CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2999
https://notcve.org/view.php?id=CVE-2016-2999
IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to obtain sensitive information via an unspecified brute-force attack. IBM Connections 4.x hasta la versión 4.5 CR5, 5.0 en versiones anteriores a CR4 y 5.5 en versiones anteriores a CR1 permite a usuarios remotos autenticados obtener información sensible a través de un ataque de fuerza bruta no especificado. • http://www-01.ibm.com/support/docview.wss?uid=swg1LO89962 http://www.securityfocus.com/bid/93147 https://www-01.ibm.com/support/docview.wss?uid=swg21989067 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •