CVE-2010-2279

EUVD-2010-2289
The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when "forced SSL" is enabled, uses http for links, which has unspecified impact and remote attack vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
ibmlotus_connections
2.5.0
ibmlotus_connections
2.5.0.1
𝑥
= Vulnerable software versions
References
http://secunia.com/advisories/40007
http://www-01.ibm.com/support/docview.wss?uid=swg21431472
http://www-1.ibm.com/support/docview.wss?uid=swg1LO48325
http://www.vupen.com/english/advisories/2010/1281
http://secunia.com/advisories/40007
http://www-01.ibm.com/support/docview.wss?uid=swg21431472
http://www-1.ibm.com/support/docview.wss?uid=swg1LO48325
http://www.vupen.com/english/advisories/2010/1281