Lucene search

[email protected]NVD:CVE-2018-1736

HistorySep 27, 2018 - 7:29 p.m.

CVE-2018-1736

2018-09-2719:29:00

CWE-601

[email protected]

web.nvd.nist.gov

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.6%

JSON

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906.

Affected configurations

NVD

Node

ibmwebsphere_portalMatch7.0.0.0

ibmwebsphere_portalMatch7.0.0.1-

ibmwebsphere_portalMatch7.0.0.1cf002

ibmwebsphere_portalMatch7.0.0.1cf003

ibmwebsphere_portalMatch7.0.0.1cf004

ibmwebsphere_portalMatch7.0.0.1cf005

ibmwebsphere_portalMatch7.0.0.1cf006

ibmwebsphere_portalMatch7.0.0.1cf007

ibmwebsphere_portalMatch7.0.0.1cf008

ibmwebsphere_portalMatch7.0.0.1cf009

ibmwebsphere_portalMatch7.0.0.1cf010

ibmwebsphere_portalMatch7.0.0.1cf011

ibmwebsphere_portalMatch7.0.0.1cf012

ibmwebsphere_portalMatch7.0.0.1cf013

ibmwebsphere_portalMatch7.0.0.1cf014

ibmwebsphere_portalMatch7.0.0.1cf015

ibmwebsphere_portalMatch7.0.0.1cf016

ibmwebsphere_portalMatch7.0.0.1cf017

ibmwebsphere_portalMatch7.0.0.1cf018

ibmwebsphere_portalMatch7.0.0.1cf019

ibmwebsphere_portalMatch7.0.0.1cf020

ibmwebsphere_portalMatch7.0.0.2-

ibmwebsphere_portalMatch7.0.0.2cf011

ibmwebsphere_portalMatch7.0.0.2cf012

ibmwebsphere_portalMatch7.0.0.2cf013

ibmwebsphere_portalMatch7.0.0.2cf014

ibmwebsphere_portalMatch7.0.0.2cf015

ibmwebsphere_portalMatch7.0.0.2cf016

ibmwebsphere_portalMatch7.0.0.2cf017

ibmwebsphere_portalMatch7.0.0.2cf018

ibmwebsphere_portalMatch7.0.0.2cf019

ibmwebsphere_portalMatch7.0.0.2cf020

ibmwebsphere_portalMatch7.0.0.2cf021

ibmwebsphere_portalMatch7.0.0.2cf022

ibmwebsphere_portalMatch7.0.0.2cf023

ibmwebsphere_portalMatch7.0.0.2cf024

ibmwebsphere_portalMatch7.0.0.2cf025

ibmwebsphere_portalMatch7.0.0.2cf026

ibmwebsphere_portalMatch7.0.0.2cf027

ibmwebsphere_portalMatch7.0.0.2cf028

ibmwebsphere_portalMatch7.0.0.2cf029

ibmwebsphere_portalMatch7.0.0.2cf030

ibmwebsphere_portalMatch8.0.0.0-

ibmwebsphere_portalMatch8.0.0.0cf01

ibmwebsphere_portalMatch8.0.0.0cf02

ibmwebsphere_portalMatch8.0.0.0cf03

ibmwebsphere_portalMatch8.0.0.0cf04

ibmwebsphere_portalMatch8.0.0.0cf05

ibmwebsphere_portalMatch8.0.0.0cf06

ibmwebsphere_portalMatch8.0.0.1-

ibmwebsphere_portalMatch8.0.0.1cf04

ibmwebsphere_portalMatch8.0.0.1cf05

ibmwebsphere_portalMatch8.0.0.1cf06

ibmwebsphere_portalMatch8.0.0.1cf07

ibmwebsphere_portalMatch8.0.0.1cf08

ibmwebsphere_portalMatch8.0.0.1cf09

ibmwebsphere_portalMatch8.0.0.1cf10

ibmwebsphere_portalMatch8.0.0.1cf11

ibmwebsphere_portalMatch8.0.0.1cf12

ibmwebsphere_portalMatch8.0.0.1cf13

ibmwebsphere_portalMatch8.0.0.1cf14

ibmwebsphere_portalMatch8.0.0.1cf15

ibmwebsphere_portalMatch8.0.0.1cf16

ibmwebsphere_portalMatch8.0.0.1cf17

ibmwebsphere_portalMatch8.0.0.1cf18

ibmwebsphere_portalMatch8.0.0.1cf19

ibmwebsphere_portalMatch8.0.0.1cf20

ibmwebsphere_portalMatch8.0.0.1cf21

ibmwebsphere_portalMatch8.0.0.1cf22

ibmwebsphere_portalMatch8.0.0.1cf23

ibmwebsphere_portalMatch8.5.0.0-

ibmwebsphere_portalMatch8.5.0.0cf01

ibmwebsphere_portalMatch8.5.0.0cf02

ibmwebsphere_portalMatch8.5.0.0cf03

ibmwebsphere_portalMatch8.5.0.0cf04

ibmwebsphere_portalMatch8.5.0.0cf05

ibmwebsphere_portalMatch8.5.0.0cf06

ibmwebsphere_portalMatch8.5.0.0cf07

ibmwebsphere_portalMatch8.5.0.0cf08

ibmwebsphere_portalMatch8.5.0.0cf09

ibmwebsphere_portalMatch8.5.0.0cf10

ibmwebsphere_portalMatch8.5.0.0cf11

ibmwebsphere_portalMatch8.5.0.0cf12

ibmwebsphere_portalMatch8.5.0.0cf13

ibmwebsphere_portalMatch8.5.0.0cf14

ibmwebsphere_portalMatch8.5.0.0cf15

ibmwebsphere_portalMatch9.0.0.0-

ibmwebsphere_portalMatch9.0.0.0cf14

ibmwebsphere_portalMatch9.0.0.0cf15

References

www.securityfocus.com/bid/105490

www.securitytracker.com/id/1041753

exchange.xforce.ibmcloud.com/vulnerabilities/147906

www.ibm.com/support/docview.wss?uid=ibm10729683

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.6%

JSON

Related for NVD:CVE-2018-1736

cvelist1 prion1 cve1 nessus1