| Vulnerability Name: | CVE-2014-4760 (CCN-94657) |
| Assigned: | 2014-07-30 |
| Published: | 2014-07-30 |
| Updated: | 2017-08-29 |
| Summary: | Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 before 8.0.0.1 CF13, and 8.5.0 before CF01 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. CWE-601: URL Redirection to Untrusted Site ('Open Redirect') |
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) |
| CVSS v2 Severity: | 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N); 4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C); 3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C) |
| Vulnerability Type: | CWE-Other |
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE Type: CNA CVE-2014-4760; Source: SECUNIA Type: UNKNOWN 60597; Source: AIXAPAR Type: UNKNOWN PI19877; Source: CCN Type: IBM Security Bulletin 1680230 Fixes available for Security Vulnerabilities in IBM WebSphere Portal (Multiple CVEs); Source: CONFIRM Type: Patch, Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21680230; Source: CCN Type: BID-69047 IBM WebSphere Portal CVE-2014-4760 Open Redirection Vulnerability; Source: SECTRACK Type: UNKNOWN 1030669; Source: XF Type: UNKNOWN ibm-websphere-cve20144760-open-redirect(94657) |
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable |