Vulnerability Bulletins

IBM Security Bulletin: Multiple Vulnerabilities in IBM Connections Mail plug-in (CVE-2014-5191, CVE-2014-8917)

System information
   
Affected software IBM

Description
IBM Connections Mail plug-in for Connections 4.0, 4.5 and 5.0 is vulnerable to a cross-site scripting vulnerability in the IBM Dojo Tookit and another cross-site scripting vulnerability in the CKEditor. Refer to the links below for fix downloads. CVE(s): CVE-2014-8917 and CVE-2014-5191 Affected product(s) and affected version(s): IBM Connections Mail Plug-in (for IBM Connections 5.0) - 1.6 IBM Connections Mail (for IBM Connections 4.5) - 1.3 IBM Connections Mail (for IBM Connections

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_ibm_connections_mail_plug_in_cve_2014_5191_cve_2014_8917?lang=en_us

Standar resources
Property Value
CVE CVE-2014-8917 ,CVE-2014-5191 ,CVE-2015-0488 ,CVE-2015-0478 ,CVE-2015-0204 ,CVE-2015-2808 ,CVE-2015-1916 ,CVE-2015-0138 and CVE-2014-6593.

Version history
Version Comments Date
1.0 Advisory issued 2015-05-23
Ministerio de Defensa
CNI
CCN
CCN-CERT