Open Redirect Vulnerability in IBM WebSphere Portal
CVE-2018-1736

7.4HIGH

Key Information:

Vendor
IBM
Status
Websphere Portal
Vendor
CVE Published:
27 September 2018

Summary

IBM WebSphere Portal versions 7.0, 8.0, 8.5, and 9.0 are vulnerable to an open redirect attack, allowing remote attackers to perform phishing schemes. By luring victims to a specially crafted URL, attackers can exploit this vulnerability to spoof legitimate URLs, thereby redirecting victims to malicious sites disguised as trustworthy. This exploitation can lead to the compromise of sensitive information, potentially enabling attackers to conduct further malicious activities against targeted users.

Affected Version(s)

WebSphere Portal 7.0

WebSphere Portal 8.0

WebSphere Portal 8.5

References

http://www.securitytracker.com/id/1041753
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/105490
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/147906
vdb-entryx_refsource_XF

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.