CVE-2010-2279

The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when "forced SSL" is enabled, uses http for links, which has unspecified impact and remote attack vectors.

CVSS v2.0 7.6 HIGH

7.6^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 4.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21431472	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2010/1281	Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1LO48325
http://secunia.com/advisories/40007	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:lotus_connections:2.5.0:::::::*
	cpe:2.3:a:ibm:lotus_connections:2.5.0.1:::::::*

Information

Published : 2010-06-15 07:30

Updated : 2010-06-15 21:00

NVD link : CVE-2010-2279

Mitre link : CVE-2010-2279

JSON object : View

CWE

NVD-CWE-Other

Products Affected

ibm

lotus_connections

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2010/1281", "name": "ADV-2010-1281", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO48325", "name": "LO48325", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://secunia.com/advisories/40007", "name": "40007", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when \"forced SSL\" is enabled, uses http for links, which has unspecified impact and remote attack vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-2279", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2010-06-15T14:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:lotus_connections:2.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_connections:2.5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2010-06-16T04:00Z"}

7.6 /10