Open Redirect Vulnerability in IBM Cloud Private
CVE-2018-1939

6.8 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 5 March 2019

Summary

An open redirect vulnerability exists in IBM Cloud Private 3.1.1 that could be exploited by remote attackers to perform phishing attacks. By luring victims to a specially crafted website, attackers can manipulate URLs displayed in the address bar, misleading users into thinking they are visiting a trusted site. This deception could lead to unauthorized disclosure of sensitive information or facilitate subsequent attacks targeting the victim. For more information, refer to IBM's documentation and security advisory.

Affected Version(s)

Cloud Private 3.1.1

References

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
