CVE-2012-2159

2012-06-2010:27:00

CWE-20

[email protected]

web.nvd.nist.gov

ibm

iehs

open redirect

vulnerability

phishing

attack

remote attackers

8.8 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

60.5%

JSON

Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CPENameOperatorVersion
ibm:security_appscan_sourceibm security appscan sourceeq8.5
ibm:security_appscan_sourceibm security appscan sourceeq8.0.0.1
ibm:security_appscan_sourceibm security appscan sourceeq7.0
ibm:security_appscan_sourceibm security appscan sourceeq8.5.0.1
ibm:security_appscan_sourceibm security appscan sourceeq8.0.0.2
ibm:security_appscan_sourceibm security appscan sourceeq8.0
ibm:spss_data_collectionibm spss data collectioneq6.0.1
ibm:spss_data_collectionibm spss data collectioneq6.0

CPE	Name	Operator	Version
ibm:security_appscan_source	ibm security appscan source	eq	8.5
ibm:security_appscan_source	ibm security appscan source	eq	8.0.0.1
ibm:security_appscan_source	ibm security appscan source	eq	7.0
ibm:security_appscan_source	ibm security appscan source	eq	8.5.0.1
ibm:security_appscan_source	ibm security appscan source	eq	8.0.0.2
ibm:security_appscan_source	ibm security appscan source	eq	8.0
ibm:spss_data_collection	ibm spss data collection	eq	6.0.1
ibm:spss_data_collection	ibm spss data collection	eq	6.0