The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x prior to 2.5.0.2, when "forced SSL" is enabled, uses http for links, which has unspecified impact and remote attack vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm lotus connections 2.5.0 |
||
ibm lotus connections 2.5.0.1 |