Vulnerability in IBM Lotus Connections Bookmarks Component
CVE-2010-2278

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Connections
Vendor: CVE Published:; 15 June 2010

Summary

The bookmarks component of IBM Lotus Connections versions prior to 2.5.0.2 fails to respect the configured 'force SSL' setting, which exposes users to potential network traffic interception. This issue allows attackers to sniff cleartext communications or mount man-in-the-middle attacks, impersonating legitimate servers. Organizations utilizing affected versions must apply available patches to mitigate these risks and secure their communications.

References

http://www.vupen.com/english/advisories/2010/1281

vdb-entryx_refsource_VUPEN

http://www-1.ibm.com/support/docview.wss?uid=swg1LO47496

vendor-advisoryx_refsource_AIXAPAR

http://www-1.ibm.com/support/docview.wss?uid=swg1LO47642

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 15, 2010