Every CVE whose affected-product data names Ibm Connections, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (45)
CVE-2016-3007 — CVSS 8.8 (high): Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote…
CVE-2015-5038 — CVSS 7.5 (high): IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 does not properly detect recursion during XML…
CVE-2017-1748 — CVSS 6.8 (medium): IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a…
CVE-2015-7461 — CVSS 6.5 (medium): XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated…
CVE-2016-2999 — CVSS 6.5 (medium): IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to obtain sensitive information…
CVE-2014-0929 — CVSS 6.0 (medium): Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote…
CVE-2015-7460 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to…
CVE-2016-0305 — CVSS 5.4 (medium): IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could…
CVE-2016-0310 — CVSS 5.4 (medium): IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain.
CVE-2016-0322 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 through CR4, and 5.5 before CR1 allows…
CVE-2016-2954 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated…
CVE-2016-2955 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject…
CVE-2016-2956 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated…
CVE-2019-4403 — CVSS 5.4 (medium): IBM Connections 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI…
CVE-2015-5035 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3…
CVE-2015-5036 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3…
CVE-2015-5037 — CVSS 5.4 (medium): Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before…
CVE-2015-7458 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to…
CVE-2015-7459 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to…
CVE-2016-2995 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before…
CVE-2016-2997 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before…
CVE-2016-3001 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows…
CVE-2016-3003 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows…
CVE-2016-3005 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before…
CVE-2016-3006 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows…
CVE-2016-3008 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated…
CVE-2016-3010 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before…
CVE-2016-5932 — CVSS 5.4 (medium): IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2017-1498 — CVSS 5.4 (medium): IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI…
CVE-2017-1682 — CVSS 5.4 (medium): IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2017-1613 — CVSS 5.3 (medium): IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive…
CVE-2018-1791 — CVSS 4.9 (medium): IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request…
CVE-2016-3004 — CVSS 4.6 (medium): Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote…
CVE-2018-1896 — CVSS 4.6 (medium): IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's…
CVE-2016-2957 — CVSS 4.3 (medium): IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by…
CVE-2016-2958 — CVSS 4.3 (medium): IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by…
CVE-2013-0569 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Communities component in IBM Connections 4.5 allows remote attackers to inject arbitrary…
CVE-2016-0308 — CVSS 4.3 (medium): IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate…
CVE-2016-0307 — CVSS 4.3 (medium): IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses.
CVE-2016-3000 — CVSS 4.3 (medium): The help service in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to cause a…
CVE-2018-1935 — CVSS 4.3 (medium): IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages…
CVE-2016-2953 — CVSS 3.7 (low): IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain…
CVE-2016-2998 — CVSS 3.5 (low): Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1…
CVE-2016-3009 — CVSS 3.5 (low): Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote…
CVE-2016-3002 — CVSS 2.1 (low): IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information…