Open Redirect Vulnerability in IBM Cloud Orchestrator
CVE-2016-0204

6.8MEDIUM

Key Information:

Vendor: IBM
Status: Cloud Orchestrator
Vendor: CVE Published:; 16 October 2016

Summary

An open redirect vulnerability exists in IBM Cloud Orchestrator versions prior to 2.4.0 FP3, allowing remote authenticated users to redirect unsuspecting users to malicious websites. This can facilitate phishing attacks, putting sensitive information at risk. Proper validation of redirect URLs is essential to mitigate exploitation.

References

http://www-01.ibm.com/support/docview.wss?uid=swg2C1000124

x_refsource_CONFIRM

http://www.securityfocus.com/bid/93512

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 16, 2016
Vulnerability Reserved
Dec 8, 2015