IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors.
http://www.vupen.com/english/advisories/2011/0382
http://www.ibm.com/support/docview.wss?uid=swg21462435
http://www-01.ibm.com/support/docview.wss?uid=swg1PK54565