
CVSS: 5.4 | EPSS: 0% | CPEs: 3 | EXPL: 0

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456.
• http://www.securityfocus.com/bid/106197
• https://exchange.xforce.ibmcloud.com/vulnerabilities/152456
• https://www.ibm.com/support/docview.wss?uid=ibm10742567
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 4.3 | EPSS: 0% | CPEs: 3 | EXPL: 0

IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages. IBM X-Force ID: 153315.
• http://www.securityfocus.com/bid/106134
• https://exchange.xforce.ibmcloud.com/vulnerabilities/153315
• https://www.ibm.com/support/docview.wss?uid=ibm10742575
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.9 | EPSS: 0% | CPEs: 3 | EXPL: 0

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. By submitting suitable payloads, an attacker could exploit this vulnerability to induce the Connections server to attack other systems. IBM X-Force ID: 148946.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/148946
• https://www.ibm.com/support/docview.wss?uid=ibm10731207
• CWE-20: Improper Input Validation

CVSS: 6.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 135521.
• http://www.ibm.com/support/docview.wss?uid=swg22016698
• https://exchange.xforce.ibmcloud.com/vulnerabilities/135521
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 5.4 | EPSS: 0% | CPEs: 4 | EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108356.
• http://www-01.ibm.com/support/docview.wss?uid=swg21980518
• https://exchange.xforce.ibmcloud.com/vulnerabilities/108356
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')