Jazz for Service Management (JazzSM) could allow a remote attacker to conduct phishing attacks, using an open redirect attack (CVE-2019-4201)
CVEID: CVE-2019-4201 DESCRIPTION: IBM Jazz for Service Management could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
CVSS Base Score: 7.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159122> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)
Jazz for Service Management version 1.1.3 - 1.1.3.2
Affected JazzSM Version | Recommended Fix. |
---|---|
Jazz for Service Management version 1.1.3 - 1.1.3.2 | [ |
](<https://www-01.ibm.com/support/docview.wss?uid=ibm10730631>)Install 1.1.3-TIV-JazzSM-multi-FP003
Please refer Read-me available as part of 1.1.3-TIV-JazzSM-multi-FP003
CPE | Name | Operator | Version |
---|---|---|---|
jazz for service management | eq | 1.1.3 | |
jazz for service management | eq | 1.1.3.1 | |
jazz for service management | eq | 1.1.3.2 |