Open Redirect Vulnerabilities in IBM WebSphere Commerce Products
CVE-2015-7397

7.4 HIGH

Key Information:

Vendor: IBM
CVE Published: 10 January 2016

Summary

Multiple open redirect vulnerabilities exist in the Aurora starter store of IBM WebSphere Commerce, affecting versions 7.0 through Feature Pack 8. These vulnerabilities let remote attackers control where users are redirected, potentially leading to unauthorized access and phishing attacks. By placing a URL in the referrer parameter, attackers can redirect users to arbitrary, malicious websites, compromising user data and security.

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
