Open Redirect Vulnerability in IBM Security Access Manager
CVE-2019-4153
6.8MEDIUM
Summary
IBM Security Access Manager versions 9.0.1 through 9.0.6 are susceptible to an open redirect vulnerability that could be exploited by remote attackers. This flaw allows attackers to redirect victims to malicious websites disguised as trusted ones. By crafting a deceptive link, an attacker can manipulate a user's browser to present a spoofed URL, enhancing the risk of phishing attacks and the potential for sensitive information theft or further exploitation against the targeted individuals.
Affected Version(s)
Security Access Manager 9.0.1
Security Access Manager 9.0.3
Security Access Manager 9.0.4
References
CVSS V3.1
Score:
6.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved