History: Jan 05, 2023 - 3:17 p.m.

Security Bulletin: ITNM is vulnerable to redirect vulnerabilities due to use of nitely/spirit libraries prior to 0.12.3 (CVE-2022-0869)

2023-01-05 15:17:26
www.ibm.com
ibm tivoli network manager
itnm 4.2
spirit library
cve-2022-0869
redirect vulnerability

CVSS2: 5.8 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3: 6.1 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001 Low
Percentile: 45.4%

Summary

A vulnerability (CVE-2022-0869) was found in the Spirit libraries used in IBM Tivoli Network Manager (ITNM) IP Edition. The fix removes the vulnerable libraries.

Vulnerability Details

CVEID: CVE-2022-0869
**DESCRIPTION:** Spirit could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the /user/login endpoint. An attacker could exploit this vulnerability using the next parameter to redirect a victim to arbitrary Web sites.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221211 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)
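
The class of check that closes an open redirect on a login `next` parameter, as an added example (not Spirit's or IBM's code). The function names, the fallback path and the host `forum.example.test` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed values for the example: the site's own host name(s), lowercase,
# and the page to land on when the supplied target is rejected.
ALLOWED_HOSTS = {"forum.example.test"}
LOGIN_FALLBACK = "/"


def is_safe_next(target, allowed_hosts):
    """Return True only if redirecting to `target` keeps the user on this site."""
    if not isinstance(target, str) or not target:
        return False
    # Browsers treat "\" like "/" and drop leading whitespace and control
    # characters, so reject them before parsing instead of guessing.
    if "\\" in target or any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
        host = parts.hostname  # lowercased, userinfo and port removed
    except ValueError:         # malformed authority, e.g. "http://["
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept absolute paths only. "//host" and
        # "///host" are scheme-relative URLs that leave the site.
        return target.startswith("/") and not target.startswith("//")
    # Absolute URL: http(s) only, and the parsed host must be one of ours.
    return parts.scheme in ("http", "https") and host in allowed_hosts


def resolve_next(target, allowed_hosts, fallback=LOGIN_FALLBACK):
    """Redirect target to use after login: `target` if safe, else the fallback."""
    return target if is_safe_next(target, allowed_hosts) else fallback


if __name__ == "__main__":
    # Constructed sample values of the `next` parameter.
    for candidate in ["/topic/1?page=2",
                      "https://forum.example.test/topic/1",
                      "https://evil.example/",
                      "//evil.example/x",
                      "https://forum.example.test@evil.example/",
                      "javascript:alert(1)"]:
        print(f"{candidate!r:50} -> {resolve_next(candidate, ALLOWED_HOSTS)!r}")
```

In a Django project, `django.utils.http.url_has_allowed_host_and_scheme` performs this kind of check.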

Affected Products and Versions

Affected Product(s): ITNM
Version(s): 4.2 GA through to 4.2.0.15

Remediation/Fixes

The issue has been fixed in ITNM 4.2 Fix Pack 16 (i.e. 4.2.0.16). Upgrade ITNM 4.2 to Fix Pack 16 from Fix Central.

4.2.0-TIV-ITNMIP-Linux-FP0016

4.2.0-TIV-ITNMIP-zLinux-FP0016

4.2.0-TIV-ITNMIP-AIX-FP0016

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmtivoli_storage_managerMatch4.2.0
