Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMEC6546AD78069F580D23481B6CD3653D1F6E41477D121A426EF95CE1079F0A14
HistoryJun 17, 2018 - 3:33 p.m.

Security Bulletin: IBM Tivoli Netcool Impact affected by Open Redirect vulnerability in IBM WebSphere Application Server Liberty (CVE-2016-3040)

2018-06-1715:33:17
www.ibm.com
2

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

JSON

Summary

IBM WebSphere Application Server Liberty is shipped as a component of IBM Tivoli Netcool Impact. There is an Open Redirect Vulnerability in IBM WebSphere Application Server Liberty.

Vulnerability Details

CVEID: CVE-2016-3040**
DESCRIPTION:** IBM WebSphere Application Server Liberty could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114636 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N)

Affected Products and Versions

IBM Tivoli Netcool Impact 7.1.0

Remediation/Fixes

| VRMF| APAR| Remediation/First Fix
—|—|—|—
IBM Tivoli Netcool Impact | 7.1.0.8| None| IBM Tivoli Netcool Impact 7.1.0 FP08

Workarounds and Mitigations

None

CPENameOperatorVersion
tivoli netcool/impacteq7.1.0

Related

ibm 17
prion 1
cve 1
cvelist 1
ibm
ibm
Security Bulletin: Open Redirect vulnerability in WebSphere Application Server Liberty affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-3040)
2021-04-28 18:35:50
Security Bulletin: Open Redirect vulnerability in WebSphere Application Server Liberty (CVE-2016-3040)
2018-06-15 07:05:58
Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-3040
2022-02-22 19:27:34
prion
prion
Code injection
2016-09-26 04:59:00
cve
cve
CVE-2016-3040
2016-09-26 04:59:00
cvelist
cvelist
CVE-2016-3040
2016-09-26 01:00:00

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

JSON
Related for EC6546AD78069F580D23481B6CD3653D1F6E41477D121A426EF95CE1079F0A14
ibm17prion1cve1cvelist1