1. CVE-Search
  2. CVE-2019-4166
ID CVE-2019-4166
Summary IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158699.
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:storediq:7.6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storediq:7.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storediq:7.6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storediq:7.6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storediq:7.6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storediq:7.6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storediq:7.6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storediq:7.6.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storediq:7.6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storediq:7.6.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storediq:7.6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storediq:7.6.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storediq:7.6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storediq:7.6.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storediq:7.6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storediq:7.6.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storediq:7.6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storediq:7.6.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storediq:7.6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storediq:7.6.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storediq:7.6.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storediq:7.6.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storediq:7.6.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storediq:7.6.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storediq:7.6.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storediq:7.6.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storediq:7.6.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storediq:7.6.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storediq:7.6.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storediq:7.6.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storediq:7.6.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storediq:7.6.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storediq:7.6.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storediq:7.6.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storediq:7.6.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storediq:7.6.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:storediq:7.6.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storediq:7.6.0.18:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 03-02-2023 - 20:42)
Impact:
Exploitability:
CWE CWE-601
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
refmap via4
bid 108121
confirm http://www.ibm.com/support/docview.wss?uid=ibm10881404
xf ibm-storeiq-cve20194166-open-redirect (158699)
Last major update 03-02-2023 - 20:42
Published 30-04-2019 - 15:29
Last modified 03-02-2023 - 20:42
Back to Top