Open Redirect Vulnerabilities in IBM WebSphere Commerce Products
CVE-2015-7397

7.4HIGH

Key Information:

Vendor
IBM
Status
Websphere Commerce
Vendor
CVE Published:
10 January 2016

Summary

Multiple open redirect vulnerabilities exist in the Aurora starter store of IBM WebSphere Commerce, affecting versions 7.0 through Feature Pack 8. These vulnerabilities enable remote attackers to manipulate user redirections, potentially leading to unauthorized access and phishing attacks. By exploiting the URL in the referrer parameter, attackers can redirect users to arbitrary, malicious websites, compromising user data and security.

References

http://www-01.ibm.com/support/docview.wss?uid=swg24041142
x_refsource_CONFIRM
http://www.securitytracker.com/id/1034640
vdb-entryx_refsource_SECTRACK
http://www-01.ibm.com/support/docview.wss?uid=swg21969562
x_refsource_CONFIRM

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.