Open Redirect Vulnerability in IBM InfoSphere Information Governance Catalog
CVE-2018-1875

7.4HIGH

Key Information:

Vendor: IBM
Status: Infosphere Information Governance Catalog; Infosphere Information Server On Cloud
Vendor: CVE Published:; 5 March 2019

Summary

The InfoSphere Information Governance Catalog from IBM contains an open redirect vulnerability that could be exploited by remote attackers. By tricking users into visiting malicious websites, attackers can manipulate the URL displayed in the user's browser, leading to phishing attacks. This vulnerability allows attackers to gain sensitive information by redirecting users to sites that appear to be trusted, making it imperative for users to remain vigilant and for organizations to apply security patches promptly.

Affected Version(s)

InfoSphere Information Governance Catalog 11.3

InfoSphere Information Governance Catalog 11.5

InfoSphere Information Governance Catalog 11.7

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/151639

vdb-entryx_refsource_XF

http://www.ibm.com/support/docview.wss?uid=ibm10738911

x_refsource_CONFIRM

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 5, 2019
Vulnerability Reserved
Dec 13, 2017