Open Redirect Vulnerability in IBM Curam Social Program Management
CVE-2018-1654

6.8MEDIUM

Key Information:

Vendor

IBM
Status
Curam Social Program Management
Vendor
CVE Published:
11 December 2018

What is CVE-2018-1654?

The vulnerability in IBM Curam Social Program Management allows remote attackers to exploit open redirects to conduct phishing attacks. By luring users to specially crafted URLs, attackers can spoof legitimate web addresses, leading users to malicious sites disguised as trusted platforms. This vulnerability presents significant risks as it can result in sensitive information leakage and pave the way for further malicious activities against unsuspecting victims.

Affected Version(s)

Curam Social Program Management 6.0.5

Curam Social Program Management 6.1.1

Curam Social Program Management 6.2.0

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/144747
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/106187
vdb-entryx_refsource_BID
https://www.ibm.com/support/docview.wss?uid=ibm10739027
x_refsource_CONFIRM

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.