CVE-2010-2280

4 documents4 sources
Severity
4.3MEDIUM
EPSS
0.2%
top 52.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Lotus Connections
Timeline
PublishedJun 15
Latest updateMay 17

Description

Open redirect vulnerability in the Mobile component in IBM Lotus Connections 2.5.x before 2.5.0.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "mobile edit actions," aka SPR ASRE83PPVH.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDibm/lotus_connections2.5.0, 2.5.0.1+1

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-mmcx-qw7v-559v: Open redirect vulnerability in the Mobile component in IBM Lotus Connections 22022-05-17
CVEList
CVE-2010-2280: Open redirect vulnerability in the Mobile component in IBM Lotus Connections 22010-06-14

💥Exploits & PoCs

1
Exploit-DB
HP - 'OmniInet.exe' MSG_PROTOCOL Buffer Overflow (Metasploit) (2)2010-09-20
CVE-2010-2280 (MEDIUM CVSS 4.3) | Open redirect vulnerability in the | cvebase.io