CVE-2010-2278
 
Severity Score: 4.0 (CVSS v2)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.
*Credits:
N/A
Timeline
- 2010-06-14 CVE Reserved
- 2010-06-14 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
References (9)
URL | Date | SRC |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21431472 | 2010-06-16 | |
http://secunia.com/advisories/40007 | 2010-06-16 | |
http://www-1.ibm.com/support/docview.wss?uid=swg1LO47429 | 2010-06-16 | |
http://www-1.ibm.com/support/docview.wss?uid=swg1LO47496 | 2010-06-16 | |
http://www-1.ibm.com/support/docview.wss?uid=swg1LO47501 | 2010-06-16 | |
http://www-1.ibm.com/support/docview.wss?uid=swg1LO47610 | 2010-06-16 | |
http://www-1.ibm.com/support/docview.wss?uid=swg1LO47642 | 2010-06-16 | |
http://www-1.ibm.com/support/docview.wss?uid=swg1LO47669 | 2010-06-16 | |
http://www.vupen.com/english/advisories/2010/1281 | 2010-06-16 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Ibm | Lotus Connections | 2.5.0 | - | Affected |
Ibm | Lotus Connections | 2.5.0.1 | - | Affected |