HTTP Link Vulnerability in IBM Lotus Connections for Forced SSL Users
CVE-2010-2279

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Connections
Vendor: CVE Published:; 15 June 2010

What is CVE-2010-2279?

The implementation of Top Updates within the Homepage component of IBM Lotus Connections version 2.5.x prior to 2.5.0.2, when forced SSL is enabled, incorrectly uses HTTP for links. This flaw potentially exposes users to various remote attack vectors, compromising the security of sensitive data during transmission over the internet. Users of this software should take care to evaluate their configurations and apply appropriate updates to mitigate any risks associated with this vulnerability.

References

http://www.vupen.com/english/advisories/2010/1281

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/40007

third-party-advisoryx_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg21431472

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 15, 2010