CVE-2010-2278

Name of the Vulnerable Software and Affected Versions IBM Lotus Connections versions 2.5.x before 2.5.0.2

Description The issue is related to the bookmarklet pop-up in the Bookmarks component, which does not properly follow the "force SSL" setting. This might allow remote attackers to obtain the cleartext of network communication by sniffing the network or spoof arbitrary servers via a man-in-the-middle attack.

Recommendations For IBM Lotus Connections versions 2.5.x before 2.5.0.2, update to version 2.5.0.2 or later to resolve the issue.