Follow-redirects is used by IBM MQ Appliance as part of the MQ Console (CVE-2023-26159).
**CVEID:** CVE-2023-26159
**DESCRIPTION:** follow-redirects could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/278622 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM MQ Appliance | 9.3 LTS |
IBM MQ Appliance | 9.3 CD |
This vulnerability is addressed under APAR IT45253.
IBM strongly recommends addressing the vulnerability now.
IBM MQ Appliance version 9.3 LTS
Apply IBM MQ Appliance 9.3.0.16 cumulative security update, or later firmware.
IBM MQ Appliance version 9.3 CD
Apply IBM MQ Appliance 9.3.5 Continuous Delivery release, or later firmware.
None