CVE-2016-2953IBM Connections vulnerability

CWE-3103 documents3 sources
Severity
3.7LOWNVD
EPSS
0.2%
top 52.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Connections
Timeline
PublishedNov 30
Latest updateMay 17

Description

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages1 packages

NVDibm/connections4.0.0.0, 4.5.0.0, 5.0.0.0+2

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-55jm-7536-rfj7: IBM Connections 42022-05-17
CVEList
CVE-2016-2953: IBM Connections 42016-11-30
CVE-2016-2953 — IBM Connections vulnerability | cvebase