Open Redirect Vulnerability in IBM WebSphere Portal
CVE-2016-2989

6.5MEDIUM

Key Information:

Vendor

IBM
Status
Connections Portlets
Vendor
CVE Published:
8 August 2016

What is CVE-2016-2989?

The Connections Portlets component in IBM WebSphere Portal versions prior to 5.0.2 is susceptible to an open redirect vulnerability. This flaw permits remote attackers to redirect users to arbitrary external websites, potentially enabling them to execute phishing attacks. Attackers can exploit this issue through unspecified vectors, which may compromise user trust and lead to unauthorized access to sensitive information. Organizations using affected versions are advised to upgrade to the latest version to mitigate this risk.

References

http://www.securityfocus.com/bid/92344
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1036498
vdb-entryx_refsource_SECTRACK
http://www-01.ibm.com/support/docview.wss?uid=swg21986393
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.