CVE-2016-2953

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
ibmconnections
4.0.0.0
ibmconnections
4.5.0.0
ibmconnections
5.0.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1LO90268
http://www-01.ibm.com/support/docview.wss?uid=swg1LO90295
http://www-01.ibm.com/support/docview.wss?uid=swg21990888
http://www.securityfocus.com/bid/94415
http://www-01.ibm.com/support/docview.wss?uid=swg1LO90268
http://www-01.ibm.com/support/docview.wss?uid=swg1LO90295
http://www-01.ibm.com/support/docview.wss?uid=swg21990888
http://www.securityfocus.com/bid/94415