Open Redirect Vulnerability in IBM Jazz for Service Management
CVE-2019-4201

7.4 HIGH

Key Information:

Vendor
IBM
CVE Published:
6 June 2019

Summary

IBM Jazz for Service Management versions 1.1.3, 1.1.3.1, and 1.1.3.2 contain an open redirect vulnerability that attackers could exploit to steer users to malicious websites. A remote attacker can spoof a legitimate URL so that an unsuspecting user is sent to an untrusted site that appears trustworthy. This can facilitate phishing attacks that capture sensitive information or enable further attacks against victims.

Affected Version(s)

Jazz for Service Management 1.1.3

Jazz for Service Management 1.1.3.1

Jazz for Service Management 1.1.3.2

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
