Vulnerability CVE-2014-0958 - CERT Civis.Net

Vulnerability Name:

CVE-2014-0958 (CCN-92739)

Assigned:

2014-05-13

Published:

2014-05-13

Updated:

2017-08-29

Summary:

Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CWE-601: URL Redirection to Untrusted Site ('Open Redirect') http://cwe.mitre.org/data/definitions/601.html

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2014-0958

Source: AIXAPAR
Type: UNKNOWN
PI15689

Source: CCN
Type: IBM Security Bulletin 1672572
Fixes available for Security Vulnerabilities in IBM WebSphere Portal (Multiple CVEs)

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21672572

Source: CCN
Type: BID-67414
IBM WebSphere Portal CVE-2014-0958 Open Redirection Vulnerability

Source: XF
Type: UNKNOWN
ibm-websphere-cve20140958-url-redirect(92739)

Source: XF
Type: UNKNOWN
ibm-websphere-cve20140958-url-redirect(92739)

Vulnerable Configuration:

Configuration 1:

cpe:/a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:6.1.0.6:cf27:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:6.1.5.3:cf27:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:websphere_portal:7.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:6.1.0:*:*:*:*:*:*:*

AND

cpe:/a:ibm:websphere_portal:6.1:*:*:*:*:*:*:*

Denotes that component is vulnerable