Jun 04, 2019 - 1:30 a.m.

Security Bulletin: Jazz for Service Management (JazzSM) could allow a remote attacker to conduct phishing attacks, using an open redirect attack (CVE-2019-4201)

2019-06-04 01:30:02
www.ibm.com
EPSS: 0.001 (Low)
Percentile: 40.1%

Summary

Jazz for Service Management (JazzSM) could allow a remote attacker to conduct phishing attacks, using an open redirect attack (CVE-2019-4201)

Vulnerability Details

CVEID: CVE-2019-4201
DESCRIPTION: IBM Jazz for Service Management could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
CVSS Base Score: 7.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159122> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)

Affected Products and Versions

Jazz for Service Management version 1.1.3 - 1.1.3.2

Remediation/Fixes

| Affected JazzSM Version | Recommended Fix |
| --- | --- |
| Jazz for Service Management version 1.1.3 - 1.1.3.2 | Install 1.1.3-TIV-JazzSM-multi-FP003 (<https://www-01.ibm.com/support/docview.wss?uid=ibm10730631>) |

Workarounds and Mitigations

Please refer to the Read-me available as part of 1.1.3-TIV-JazzSM-multi-FP003.
