Open Redirect Vulnerability in IBM Security Access Manager
CVE-2019-4153

6.8MEDIUM

Key Information:

Vendor: IBM
Status: Security Access Manager
Vendor: CVE Published:; 25 June 2019

Summary

IBM Security Access Manager versions 9.0.1 through 9.0.6 are susceptible to an open redirect vulnerability that could be exploited by remote attackers. This flaw allows attackers to redirect victims to malicious websites disguised as trusted ones. By crafting a deceptive link, an attacker can manipulate a user's browser to present a spoofed URL, enhancing the risk of phishing attacks and the potential for sensitive information theft or further exploitation against the targeted individuals.

Affected Version(s)

Security Access Manager 9.0.1

Security Access Manager 9.0.3

Security Access Manager 9.0.4

References

https://www.ibm.com/support/docview.wss?uid=ibm10888379

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/158517

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 25, 2019
Vulnerability Reserved
Jan 3, 2019