Phishing Vulnerability in IBM WebSphere Application Server Liberty
CVE-2016-3040

6.8MEDIUM

Key Information:

Vendor: IBM
Status: Security Privileged Identity Manager Virtual Appliance
Vendor: CVE Published:; 26 September 2016

What is CVE-2016-3040?

The vulnerability in IBM WebSphere Application Server Liberty allows remote authenticated users to exploit weaknesses within the system to redirect other users to malicious websites. This can facilitate phishing attacks, where unsuspecting users are led to fraudulent login pages, compromising sensitive information. Such vulnerabilities highlight the importance of timely updates and robust security practices to safeguard against unauthorized access and exploitation.

References

http://www.securityfocus.com/bid/92986

vdb-entryx_refsource_BID

http://www-01.ibm.com/support/docview.wss?uid=swg21989205

x_refsource_CONFIRM

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 26, 2016
Vulnerability Reserved
Mar 9, 2016