CVE-2015-1921 - Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06

CVE-2015-1921

Summary

Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. <a href="http://cwe.mitre.org/data/definitions/601.html">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>

References

Vulnerable Configurations

cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*

CVSS

Base:	6.4 (as of 17-08-2016 - 19:11)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:N

refmap via4

aixapar	PI38632
bid	74705
confirm	http://www-01.ibm.com/support/docview.wss?uid=swg21884060

Last major update

17-08-2016 - 19:11

Published

25-05-2015 - 00:59

Last modified

17-08-2016 - 19:11