| Vulnerability Name: | CVE-2015-7428 (CCN-107852) | ||||||||||||
| Assigned: | 2015-09-29 | ||||||||||||
| Published: | 2016-02-23 | ||||||||||||
| Updated: | 2016-03-02 | ||||||||||||
| Summary: | Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. CWE-601: URL Redirection to Untrusted Site ('Open Redirect') <br /> <br /> Appropriate Vendor Advisory Link: <a href="http://www-01.ibm.com/support/docview.wss?uid=swg21976358">HERE</a> | ||||||||||||
| CVSS v3 Severity: | 7.4 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N) 6.4 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C)
4.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2015-7428 Source: AIXAPAR Type: UNKNOWN PI51589 Source: CONFIRM Type: UNKNOWN http://www.ibm.com/support/docview.wss?uid=swg21975358 Source: CCN Type: IBM Security Bulletin 1976358 (WebSphere Portal) Fixes available for Security Vulnerabilities in IBM WebSphere Portal Source: XF Type: UNKNOWN ibm-websphere-cve20157428-open-redirect(107852) | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||