Lucene search

K
nvd[email protected]NVD:CVE-2017-1398
HistoryJul 10, 2017 - 4:29 p.m.

CVE-2017-1398

2017-07-1016:29:00
CWE-601
web.nvd.nist.gov
7
ibm websphere commerce
open redirect
phishing attack
remote exploitation
sensitive information

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

53.6%

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385.

Affected configurations

Nvd
Node
ibmwebsphere_commerceMatch8.0.0.0
OR
ibmwebsphere_commerceMatch8.0.0.1
OR
ibmwebsphere_commerceMatch8.0.0.2
OR
ibmwebsphere_commerceMatch8.0.0.3
OR
ibmwebsphere_commerceMatch8.0.0.4
OR
ibmwebsphere_commerceMatch8.0.0.5
OR
ibmwebsphere_commerceMatch8.0.0.6
OR
ibmwebsphere_commerceMatch8.0.0.7
OR
ibmwebsphere_commerceMatch8.0.0.8
OR
ibmwebsphere_commerceMatch8.0.0.9
OR
ibmwebsphere_commerceMatch8.0.0.10
OR
ibmwebsphere_commerceMatch8.0.0.11
OR
ibmwebsphere_commerceMatch8.0.0.12
OR
ibmwebsphere_commerceMatch8.0.0.13
OR
ibmwebsphere_commerceMatch8.0.0.14
OR
ibmwebsphere_commerceMatch8.0.0.15
OR
ibmwebsphere_commerceMatch8.0.0.16
OR
ibmwebsphere_commerceMatch8.0.0.17
OR
ibmwebsphere_commerceMatch8.0.0.18
OR
ibmwebsphere_commerceMatch8.0.0.19
OR
ibmwebsphere_commerceMatch8.0.1.0
OR
ibmwebsphere_commerceMatch8.0.1.1
OR
ibmwebsphere_commerceMatch8.0.1.2
OR
ibmwebsphere_commerceMatch8.0.1.3
OR
ibmwebsphere_commerceMatch8.0.1.4
OR
ibmwebsphere_commerceMatch8.0.1.5
OR
ibmwebsphere_commerceMatch8.0.1.6
OR
ibmwebsphere_commerceMatch8.0.1.7
OR
ibmwebsphere_commerceMatch8.0.1.8
OR
ibmwebsphere_commerceMatch8.0.1.9
OR
ibmwebsphere_commerceMatch8.0.1.11
OR
ibmwebsphere_commerceMatch8.0.1.12
Node
ibmwebsphere_commerceMatch7.0
OR
ibmwebsphere_commerceMatch7.0.0.1
OR
ibmwebsphere_commerceMatch7.0.0.2
OR
ibmwebsphere_commerceMatch7.0.0.3
OR
ibmwebsphere_commerceMatch7.0.0.4
OR
ibmwebsphere_commerceMatch7.0.0.5
OR
ibmwebsphere_commerceMatch7.0.0.6
OR
ibmwebsphere_commerceMatch7.0.0.7
OR
ibmwebsphere_commerceMatch7.0.0.8
OR
ibmwebsphere_commerceMatch7.0.0.9
Node
ibmwebsphere_commerceMatch6.0.0.0
OR
ibmwebsphere_commerceMatch6.0.0.1
OR
ibmwebsphere_commerceMatch6.0.0.2
OR
ibmwebsphere_commerceMatch6.0.0.3
OR
ibmwebsphere_commerceMatch6.0.0.4
OR
ibmwebsphere_commerceMatch6.0.0.5
OR
ibmwebsphere_commerceMatch6.0.0.6
OR
ibmwebsphere_commerceMatch6.0.0.7
OR
ibmwebsphere_commerceMatch6.0.0.8
OR
ibmwebsphere_commerceMatch6.0.0.9
OR
ibmwebsphere_commerceMatch6.0.0.10
OR
ibmwebsphere_commerceMatch6.0.0.11
VendorProductVersionCPE
ibmwebsphere_commerce8.0.0.0cpe:2.3:a:ibm:websphere_commerce:8.0.0.0:*:*:*:*:*:*:*
ibmwebsphere_commerce8.0.0.1cpe:2.3:a:ibm:websphere_commerce:8.0.0.1:*:*:*:*:*:*:*
ibmwebsphere_commerce8.0.0.2cpe:2.3:a:ibm:websphere_commerce:8.0.0.2:*:*:*:*:*:*:*
ibmwebsphere_commerce8.0.0.3cpe:2.3:a:ibm:websphere_commerce:8.0.0.3:*:*:*:*:*:*:*
ibmwebsphere_commerce8.0.0.4cpe:2.3:a:ibm:websphere_commerce:8.0.0.4:*:*:*:*:*:*:*
ibmwebsphere_commerce8.0.0.5cpe:2.3:a:ibm:websphere_commerce:8.0.0.5:*:*:*:*:*:*:*
ibmwebsphere_commerce8.0.0.6cpe:2.3:a:ibm:websphere_commerce:8.0.0.6:*:*:*:*:*:*:*
ibmwebsphere_commerce8.0.0.7cpe:2.3:a:ibm:websphere_commerce:8.0.0.7:*:*:*:*:*:*:*
ibmwebsphere_commerce8.0.0.8cpe:2.3:a:ibm:websphere_commerce:8.0.0.8:*:*:*:*:*:*:*
ibmwebsphere_commerce8.0.0.9cpe:2.3:a:ibm:websphere_commerce:8.0.0.9:*:*:*:*:*:*:*
Rows per page:
1-10 of 541

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

53.6%

Related for NVD:CVE-2017-1398