Open Redirect Vulnerability in IBM WebSphere Commerce Products
CVE-2017-1398

6.1MEDIUM

Key Information:

Vendor

IBM
Status
Websphere Commerce Enterprise
Vendor
CVE Published:
10 July 2017

What is CVE-2017-1398?

IBM WebSphere Commerce in its various editions is susceptible to an open redirect vulnerability that could be exploited by remote attackers. By tricking users into clicking on deceptive links, attackers can redirect victims to malicious sites that impersonate trusted domains. This manipulation can lead to the exposure of sensitive information and enable subsequent attacks, posing a significant risk for users and their data. Organizations utilizing IBM WebSphere Commerce should prioritize addressing this issue to bolster their security posture.

Affected Version(s)

WebSphere Commerce Enterprise 6.0

WebSphere Commerce Enterprise 7.0

WebSphere Commerce Enterprise 8.0

References

http://www.ibm.com/support/docview.wss?uid=swg22005360
x_refsource_CONFIRM
http://www.securityfocus.com/bid/99491
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/127385
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.