CVE-2010-2278

medium

Description

The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.

References

http://www.vupen.com/english/advisories/2010/1281

http://www-1.ibm.com/support/docview.wss?uid=swg1LO47669

http://www-1.ibm.com/support/docview.wss?uid=swg1LO47642

http://www-1.ibm.com/support/docview.wss?uid=swg1LO47610

http://www-1.ibm.com/support/docview.wss?uid=swg1LO47501

http://www-1.ibm.com/support/docview.wss?uid=swg1LO47496

http://www-1.ibm.com/support/docview.wss?uid=swg1LO47429

http://www-01.ibm.com/support/docview.wss?uid=swg21431472

http://secunia.com/advisories/40007

Details

Source: Mitre, NVD

Published: 2010-06-15

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00688