Open Redirect Vulnerability in IBM Jazz for Service Management
CVE-2019-4201

7.4HIGH

Key Information:

Vendor

IBM
Status
Jazz For Service Management
Vendor
CVE Published:
6 June 2019

What is CVE-2019-4201?

IBM Jazz for Service Management versions 1.1.3, 1.1.3.1, and 1.1.3.2 contain an open redirect vulnerability that could be exploited by attackers to manipulate users into visiting malicious websites. By leveraging this vulnerability, a remote attacker can spoof legitimate URLs, leading unsuspecting users to untrusted sites under the guise of safety. This can facilitate phishing attacks aimed at capturing sensitive information or escalating further attacks against victims.

Affected Version(s)

Jazz for Service Management 1.1.3

Jazz for Service Management 1.1.3.1

Jazz for Service Management 1.1.3.2

References

https://www.ibm.com/support/docview.wss?uid=ibm10885592
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/159122
vdb-entryx_refsource_XF

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.