The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x prior to 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote malicious users to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm lotus connections 2.5.0 |
||
ibm lotus connections 2.5.0.1 |