Open Redirect Vulnerability in IBM Security Directory Server 6.4.0
CVE-2019-4538

7.4HIGH

Key Information:

Vendor
IBM
Vendor
CVE Published:
2 October 2019

Summary

IBM Security Directory Server 6.4.0 is susceptible to an open redirect vulnerability that allows remote attackers to conduct phishing attacks. By manipulating URLs, an attacker can deceive a victim into visiting a malicious site that masquerades as a trusted domain. This technique not only enables URL spoofing but also compromises sensitive information and facilitates further attacks against the victim. Organizations using this version of the server need to implement security measures to mitigate potential threats stemming from this vulnerability.

Affected Version(s)

Security Directory Server 6.4.0

References

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.