Open Redirect Vulnerability in IBM Security Secret Server
CVE-2020-4840

7.4 HIGH

Key Information:

Vendor: IBM
CVE Published: 21 December 2020

Summary

IBM Security Secret Server version 10.6 is vulnerable to an open redirect flaw that remote attackers can use to conduct phishing attacks. By tricking a victim into visiting a specially crafted web page, an attacker can manipulate the displayed URL and lead the user to a malicious site made to look trustworthy. Successful exploitation can result in the capture of sensitive information or serve as a starting point for further malicious activity against the victim.

Affected Version(s)

Security Secret Server 10.6

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
