Open Redirect Vulnerability in IBM Cloud Orchestrator
CVE-2016-0204

6.8 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 16 October 2016

Summary

An open redirect vulnerability exists in IBM Cloud Orchestrator versions prior to 2.4.0 FP3, allowing remote authenticated users to redirect unsuspecting users to malicious websites. This can facilitate phishing attacks, putting sensitive information at risk. Proper validation of redirect URLs is essential to mitigate exploitation.

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
