VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-2279
lotus_connections: The Top Updates implementation in the Homepage comp...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2279

Original

The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when "forced SSL" is enabled, uses http for links, which has unspecified impact and remote attack vectors.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-06-15
Source Information Category:
Advisory, Alert
Last Updated:
2010-06-16




Affected Product Tags
cpe:/a:ibm:lotus_connections:2.5.0
cpe:/a:ibm:lotus_connections:2.5.0.1
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

X High [?]
Medium [?]
Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
Alternatives




References
AIXAPAR LO48325




CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21431472




SECUNIA 40007




VUPEN ADV-2010-1281




Vulnerability Type Design Error (NVD-CWE-DesignError)




Copyright © 2010 JPCERT/CC All Rights Reserved.