Open Redirect Vulnerabilities in IBM WebSphere Commerce Products
CVE-2015-7397
7.4 HIGH
Summary
Multiple open redirect vulnerabilities exist in the Aurora starter store of IBM WebSphere Commerce, affecting versions 7.0 through Feature Pack 8. A remote attacker can supply a URL in the referrer parameter to redirect users to arbitrary, malicious websites. This enables phishing attacks and can lead to unauthorized access and the compromise of user data.
CVSS V3.1
Score: 7.4
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved