IBM Connections

69 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-21788
all versions
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary scri
5.4 MEDIUM
CVE-2025-52603
all versions
HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to
3.5 LOW
CVE-2025-52639
all versions
HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive inf
3.5 LOW
CVE-2025-31961
all versions
HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenario
3.7 LOW
CVE-2024-42209
all versions
HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information t
3.5 LOW
CVE-2024-42208
all versions
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information
3.5 LOW
CVE-2024-42188
all versions
HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certa
3.7 LOW
CVE-2024-30106
all versions
HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which
3.5 LOW
CVE-2024-30118
all versions
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information
3.5 LOW
CVE-2024-30112
all versions
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary scri
5.4 MEDIUM
CVE-2023-37541
all versions
HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenario
3.5 LOW
CVE-2024-30107
all versions
HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in cert
3.5 LOW
CVE-2024-23557
all versions
HCL Connections contains a user enumeration vulnerability. Certain actions could allow an attacker to determine if the user is val
3.5 LOW
CVE-2023-28018
all versions
HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. Using a specially-crafted
5.5 MEDIUM
CVE-2023-28022
all versions
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information
3.5 LOW
CVE-2023-28017
all versions
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary scri
5.4 MEDIUM
CVE-2023-37533
all versions
HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbit
5.4 MEDIUM
CVE-2021-27746
all versions
"HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability"
5.4 MEDIUM
CVE-2019-4209
all versions
HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct ph
6.1 MEDIUM
CVE-2020-4085
all versions
"HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace to a local
6.5 MEDIUM
CVE-2020-4084
all versions
HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary Ja
5.4 MEDIUM
CVE-2020-4083
all versions
HCL Connections 6.5 is vulnerable to possible information leakage. Connections could disclose sensitive information via trace logs
5.5 MEDIUM
CVE-2020-4082
all versions
The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A
5.4 MEDIUM
CVE-2019-4403
all versions
IBM Connections 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in t
5.4 MEDIUM
CVE-2018-1896
all versions
IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attack
4.6 MEDIUM
CVE-2018-1935
all versions
IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error mes
4.3 MEDIUM
CVE-2018-1791
all versions
IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a requ
4.9 MEDIUM
CVE-2017-1748
all versions
IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By per
6.8 MEDIUM
CVE-2015-7461
<= 3.0.1.1
XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authent
6.5 MEDIUM
CVE-2015-7460
<= 3.0.1.1
Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attack
5.4 MEDIUM
CVE-2015-7459
<= 3.0.1.1
Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attack
5.4 MEDIUM
CVE-2015-7458
<= 3.0.1.1
Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attack
5.4 MEDIUM
CVE-2017-1682
all versions
IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitr
5.4 MEDIUM
CVE-2017-1613
all versions
IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive
5.3 MEDIUM
CVE-2017-1498
all versions
IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in t
5.4 MEDIUM
CVE-2016-5932
all versions
IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J
5.4 MEDIUM
CVE-2016-0310
all versions
IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker
5.4 MEDIUM
CVE-2016-0308
all versions
IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropria
4.3 MEDIUM
CVE-2016-0307
all versions
IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned respon
4.3 MEDIUM
CVE-2016-0305
all versions
IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker cou
5.4 MEDIUM
CVE-2016-2955
all versions
Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to
5.4 MEDIUM
CVE-2016-3009
all versions
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows rem
3.5 LOW
CVE-2016-3004
all versions
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows rem
4.6 MEDIUM
CVE-2016-3002
all versions
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive inf
2.1 LOW
CVE-2016-2958
all versions
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive informa
4.3 MEDIUM
CVE-2016-2957
all versions
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive informa
4.3 MEDIUM
CVE-2016-2953
all versions
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain
3.7 LOW
CVE-2016-3007
all versions
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows
8.8 HIGH
CVE-2016-3006
all versions
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1
5.4 MEDIUM
CVE-2016-3003
all versions
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1
5.4 MEDIUM
CVE-2016-3001
all versions
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1
5.4 MEDIUM
CVE-2016-3000
all versions
The help service in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to c
4.3 MEDIUM
CVE-2016-2999
<= 5.5.0.0
IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to obtain sensitive info
6.5 MEDIUM
CVE-2016-3010
all versions
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.
5.4 MEDIUM
CVE-2016-3008
all versions
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenti
5.4 MEDIUM
CVE-2016-3005
all versions
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.
5.4 MEDIUM
CVE-2016-2998
all versions
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 befor
3.5 LOW
CVE-2016-2997
all versions
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.
5.4 MEDIUM
CVE-2016-2995
all versions
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.
5.4 MEDIUM
CVE-2016-2956
all versions
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenti
5.4 MEDIUM
CVE-2016-2954
all versions
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenti
5.4 MEDIUM
CVE-2016-0322
all versions
Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 through CR4, and 5.5 before CR1
5.4 MEDIUM
CVE-2015-5038
<= 3.0.1.1
IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 does not properly detect recursion duri
7.5 HIGH
CVE-2015-5037
<= 3.0.1.1
Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0
5.4 MEDIUM
CVE-2015-5036
<= 3.0.1.1
Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before
5.4 MEDIUM
CVE-2015-5035
<= 3.0.1.1
Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before
5.4 MEDIUM
CVE-2014-0929
<= 3.0.1.1
Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote aut
CVE-2013-0569
all versions
Cross-site scripting (XSS) vulnerability in the Communities component in IBM Connections 4.5 allows remote attackers to inject arb
CVE-2011-5254
<= 0.7.1.5
Unspecified vulnerability in the Connections plugin before 0.7.1.6 for WordPress has unknown impact and attack vectors.
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin