CVE-2010-2278

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Connections
Vendor: CVE Published:; 15 June 2010

Summary

The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.

References

http://www.vupen.com/english/advisories/2010/1281

vdb-entryx_refsource_VUPEN

http://www-1.ibm.com/support/docview.wss?uid=swg1LO47496

vendor-advisoryx_refsource_AIXAPAR

http://www-1.ibm.com/support/docview.wss?uid=swg1LO47642

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 15, 2010