VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-2278
lotus_connections: The bookmarklet pop-up in the Bookmarks component i...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2278

Original

The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-06-15
Source Information Category:
Advisory, Alert
Last Updated:
2010-06-16




Affected Product Tags
cpe:/a:ibm:lotus_connections:2.5.0
cpe:/a:ibm:lotus_connections:2.5.0.1
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

X High [?]
Medium [?]
Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
Alternatives




References
AIXAPAR LO47669




AIXAPAR LO47642




AIXAPAR LO47610




AIXAPAR LO47501




AIXAPAR LO47496




AIXAPAR LO47429




CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21431472




SECUNIA 40007




VUPEN ADV-2010-1281




Vulnerability Type Design Error (NVD-CWE-DesignError)




Copyright © 2010 JPCERT/CC All Rights Reserved.