Open Redirect Vulnerability in IBM Security Access Manager
CVE-2019-4153

6.8MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
25 June 2019

Summary

IBM Security Access Manager versions 9.0.1 through 9.0.6 are susceptible to an open redirect vulnerability that could be exploited by remote attackers. This flaw allows attackers to redirect victims to malicious websites disguised as trusted ones. By crafting a deceptive link, an attacker can manipulate a user's browser to present a spoofed URL, enhancing the risk of phishing attacks and the potential for sensitive information theft or further exploitation against the targeted individuals.

Affected Version(s)

Security Access Manager 9.0.1

Security Access Manager 9.0.3

Security Access Manager 9.0.4

References

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.