Vulnerability Name: CVE-2013-3997 (CCN-84986)
Assigned: 2013-06-07
Published: 2014-03-20
Updated: 2017-08-29
Summary: Open redirect vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
  Per: http://www-01.ibm.com/support/docview.wss?uid=swg21667812 "Affected Products and Versions IBM InfoSphere BigInsights versions 1.1 through 2.1"
CVSS v3 Severity:
  2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
  4.9 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N)
  3.6 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N/E:U/RL:OF/RC:C)
  2.6 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-20
Vulnerability Consequences: Bypass Security
References:
  Source: MITRE, Type: CNA: CVE-2013-3997
  Source: CCN, Type: SA57538: IBM InfoSphere BigInsights Redirection Weakness and HTTP Response Splitting Vulnerability
  Source: CCN, Type: IBM Security Bulletin 1667812: Multiple vulnerabilities in InfoSphere BigInsights (CVE-2013-3998, CVE-2013-3997)
  Source: CONFIRM, Type: Vendor Advisory: http://www-01.ibm.com/support/docview.wss?uid=swg21667812
  Source: BID, Type: UNKNOWN: 66360
  Source: CCN, Type: BID-66360: IBM InfoSphere BigInsights CVE-2013-3997 Open Redirection Vulnerability
  Source: XF, Type: UNKNOWN: ibm-infosphere-cve20133997-url-redirect(84986)
Vulnerable Configuration:
  Configuration 1:
  Configuration CCN 1: