cnvd-2017-30662
Vulnerability from cnvd
Title: IBM Security Access Manager开放重定向漏洞
Description:
IBM Security Access Manager是美国IBM公司的一款应用于信息安全管理的产品。该产品通过面向Web、移动和云计算的集成设备来实现访问管理控制。
IBM Security Access Manager多版本存在开放重定向漏洞。远程攻击者可通过诱使用户访问特制的网站利用该漏洞将用户重定向恶意的网站,实施钓鱼攻击,获取敏感信息。
Severity: 中
Patch Name: IBM Security Access Manager开放重定向漏洞的补丁
Patch Description:
IBM Security Access Manager是美国IBM公司的一款应用于信息安全管理的产品。该产品通过面向Web、移动和云计算的集成设备来实现访问管理控制。
IBM Security Access Manager多版本存在开放重定向漏洞。远程攻击者可通过诱使用户访问特制的网站利用该漏洞将用户重定向恶意的网站,实施钓鱼攻击,获取敏感信息。 目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: http://www-01.ibm.com/support/docview.wss?uid=swg22006959
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg22006959 http://www.securityfocus.com/bid/100592
Impacted products
| Name | ['IBM Security Access Manager For Mobile 8.0.0.0', 'IBM Security Access Manager For Mobile 8.0.0.1', 'IBM Security Access Manager For Mobile 8.0.0.3', 'IBM Security Access Manager 9.0', 'IBM Security Access Manager for Web 8.0.1', 'IBM Security Access Manager 9.0.2.0', 'IBM Security Access Manager 9.0.1.0', 'IBM Security Access Manager 9.0.3.0', 'IBM Security Access Manager for Web 8.0.2', 'IBM Security Access Manager for Web 8.0.3', 'IBM Security Access Manager for Web 8.0.0.0', 'IBM Security Access Manager for Web 8.0.0.4', 'IBM Security Access Manager for Web 8.0.0.5', 'IBM Security Access Manager for Web 8.0.1.0', 'IBM Security Access Manager for Web 8.0.1.1', 'IBM Security Access Manager for Web 8.0.1.2', 'IBM Security Access Manager for Web 8.0.1.3', 'IBM Security Access Manager for Web 8.0.1.4', 'IBM Security Access Manager for Web 8.0.1.5', 'IBM Security Access Manager for Web 7.0.0.10', 'IBM Security Access Manager for Web 7.0.0.11', 'IBM Security Access Manager for Web 7.0.0.12', 'IBM Security Access Manager for Web 7.0.0.13', 'IBM Security Access Manager for Web 7.0.0.14', 'IBM Security Access Manager for Web 7.0.0.15', 'IBM Security Access Manager for Web 7.0.0.16', 'IBM Security Access Manager for Web 7.0.0.17', 'IBM Security Access Manager for Web 7.0.0.18', 'IBM Security Access Manager for Web 7.0.0.20', 'IBM Security Access Manager For Mobile 8.0.0.2', 'IBM Security Access Manager For Mobile 8.0.0.4', 'IBM Security Access Manager For Mobile 8.0.0.5', 'IBM Security Access Manager For Mobile 8.0.1.1', 'IBM Security Access Manager For Mobile 8.0.1.2', 'IBM Security Access Manager For Mobile 8.0.1.3', 'IBM Security Access Manager For Mobile 8.0.1.4', 'IBM Security Access Manager For Mobile 8.0.1.5', 'IBM Security Access Manager For Mobile 8.0.1', 'IBM Tivoli Access Manager for e-business 6.1', 'IBM Tivoli Access Manager for e-business 6.1.1', 'IBM Tivoli Access Manager for e-business 6.1.0.5'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "100592"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2017-1489"
}
},
"description": "IBM Security Access Manager\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u6b3e\u5e94\u7528\u4e8e\u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7684\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u901a\u8fc7\u9762\u5411Web\u3001\u79fb\u52a8\u548c\u4e91\u8ba1\u7b97\u7684\u96c6\u6210\u8bbe\u5907\u6765\u5b9e\u73b0\u8bbf\u95ee\u7ba1\u7406\u63a7\u5236\u3002\r\n\r\nIBM Security Access Manager\u591a\u7248\u672c\u5b58\u5728\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u8bbf\u95ee\u7279\u5236\u7684\u7f51\u7ad9\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u7528\u6237\u91cd\u5b9a\u5411\u6076\u610f\u7684\u7f51\u7ad9\uff0c\u5b9e\u65bd\u9493\u9c7c\u653b\u51fb\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
"discovererName": "IBM",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg22006959",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-30662",
"openTime": "2017-10-19",
"patchDescription": "IBM Security Access Manager\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u6b3e\u5e94\u7528\u4e8e\u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7684\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u901a\u8fc7\u9762\u5411Web\u3001\u79fb\u52a8\u548c\u4e91\u8ba1\u7b97\u7684\u96c6\u6210\u8bbe\u5907\u6765\u5b9e\u73b0\u8bbf\u95ee\u7ba1\u7406\u63a7\u5236\u3002\r\n\r\nIBM Security Access Manager\u591a\u7248\u672c\u5b58\u5728\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u8bbf\u95ee\u7279\u5236\u7684\u7f51\u7ad9\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u7528\u6237\u91cd\u5b9a\u5411\u6076\u610f\u7684\u7f51\u7ad9\uff0c\u5b9e\u65bd\u9493\u9c7c\u653b\u51fb\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\r\n\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "IBM Security Access Manager\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"IBM Security Access Manager For Mobile 8.0.0.0",
"IBM Security Access Manager For Mobile 8.0.0.1",
"IBM Security Access Manager For Mobile 8.0.0.3",
"IBM Security Access Manager 9.0",
"IBM Security Access Manager for Web 8.0.1",
"IBM Security Access Manager 9.0.2.0",
"IBM Security Access Manager 9.0.1.0",
"IBM Security Access Manager 9.0.3.0",
"IBM Security Access Manager for Web 8.0.2",
"IBM Security Access Manager for Web 8.0.3",
"IBM Security Access Manager for Web 8.0.0.0",
"IBM Security Access Manager for Web 8.0.0.4",
"IBM Security Access Manager for Web 8.0.0.5",
"IBM Security Access Manager for Web 8.0.1.0",
"IBM Security Access Manager for Web 8.0.1.1",
"IBM Security Access Manager for Web 8.0.1.2",
"IBM Security Access Manager for Web 8.0.1.3",
"IBM Security Access Manager for Web 8.0.1.4",
"IBM Security Access Manager for Web 8.0.1.5",
"IBM Security Access Manager for Web 7.0.0.10",
"IBM Security Access Manager for Web 7.0.0.11",
"IBM Security Access Manager for Web 7.0.0.12",
"IBM Security Access Manager for Web 7.0.0.13",
"IBM Security Access Manager for Web 7.0.0.14",
"IBM Security Access Manager for Web 7.0.0.15",
"IBM Security Access Manager for Web 7.0.0.16",
"IBM Security Access Manager for Web 7.0.0.17",
"IBM Security Access Manager for Web 7.0.0.18",
"IBM Security Access Manager for Web 7.0.0.20",
"IBM Security Access Manager For Mobile 8.0.0.2",
"IBM Security Access Manager For Mobile 8.0.0.4",
"IBM Security Access Manager For Mobile 8.0.0.5",
"IBM Security Access Manager For Mobile 8.0.1.1",
"IBM Security Access Manager For Mobile 8.0.1.2",
"IBM Security Access Manager For Mobile 8.0.1.3",
"IBM Security Access Manager For Mobile 8.0.1.4",
"IBM Security Access Manager For Mobile 8.0.1.5",
"IBM Security Access Manager For Mobile 8.0.1",
"IBM Tivoli Access Manager for e-business 6.1",
"IBM Tivoli Access Manager for e-business 6.1.1",
"IBM Tivoli Access Manager for e-business 6.1.0.5"
]
},
"referenceLink": "http://www-01.ibm.com/support/docview.wss?uid=swg22006959\r\nhttp://www.securityfocus.com/bid/100592",
"serverity": "\u4e2d",
"submitTime": "2017-08-29",
"title": "IBM Security Access Manager\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…