SQL Injection Vulnerabilities in IBM Lotus Connections
CVE-2008-4806

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Connections
Vendor: CVE Published:; 31 October 2008

Summary

Multiple SQL injection vulnerabilities exist in IBM Lotus Connections 2.x prior to version 2.0.1, which can be exploited by remote attackers. By manipulating the 'sortField' parameter, attackers are able to execute arbitrary SQL commands, posing significant risks to data integrity and confidentiality. It is essential for users of affected versions to apply necessary updates to mitigate these security concerns.

References

http://secunia.com/advisories/32466

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/46212

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/31989

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Oct 31, 2008
Vulnerability Reserved
Oct 31, 2008