Open Redirect Vulnerability in IBM Security Secret Server
CVE-2020-4840
7.4 HIGH
Summary
IBM Security Secret Server version 10.6 is vulnerable to an open redirect flaw, which remote attackers can exploit to conduct phishing attacks. By tricking a victim into visiting a specially crafted web page, an attacker can manipulate the displayed URL and lead the user to a malicious site made to look trustworthy. Successful exploitation can result in the capture of sensitive information or serve as a gateway for further malicious activity against the unwitting victim.
Affected Version(s)
Security Secret Server 10.6
CVSS V3.1
Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved