Open Redirect Vulnerability in IBM Platform and Spectrum Symphony
CVE-2018-1704

6.8MEDIUM

Key Information:

Vendor: IBM
Status: Platform Symphony; Spectrum Symphony
Vendor: CVE Published:; 28 September 2018

Summary

IBM Platform Symphony and IBM Spectrum Symphony are susceptible to an open redirect vulnerability, enabling remote attackers to execute phishing attacks. By tricking victims into visiting maliciously crafted websites, an attacker can manipulate the displayed URL to appear trustworthy. This could lead to unauthorized access to sensitive information or facilitate further malicious actions against the victim.

Affected Version(s)

Platform Symphony 7.1.1

Platform Symphony 7.1

Spectrum Symphony 7.2.0.2

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/146339

vdb-entryx_refsource_XF

https://www.ibm.com/support/docview.wss?uid=ibm10719671

x_refsource_CONFIRM

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 28, 2018
Vulnerability Reserved
Dec 13, 2017