CVE-2010-2279 Information

Description

The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2 when \forced SSL\ is enabled uses http for links which has unspecified impact and remote attack vectors.

Reference

http://secunia.com/advisories/40007 http://www.vupen.com/english/advisories/2010/1281 http://www-01.ibm.com/support/docview.wss?uid=swg21431472 http://www-1.ibm.com/support/docview.wss?uid=swg1LO48325