Open redirect

2017-07-1016:29:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.8%

JSON

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385.

CPENameOperatorVersion
websphere_commerceeq8.0.1.7
websphere_commerceeq8.0.0.2
websphere_commerceeq8.0.0.5
websphere_commerceeq8.0.0.18
websphere_commerceeq8.0.1.6
websphere_commerceeq8.0.0.6
websphere_commerceeq8.0.1.0
websphere_commerceeq8.0.0.9
websphere_commerceeq8.0.0.14
websphere_commerceeq8.0.0.8

Name	Operator	Version
websphere_commerce	eq	8.0.1.7
websphere_commerce	eq	8.0.0.2
websphere_commerce	eq	8.0.0.5
websphere_commerce	eq	8.0.0.18
websphere_commerce	eq	8.0.1.6
websphere_commerce	eq	8.0.0.6
websphere_commerce	eq	8.0.1.0
websphere_commerce	eq	8.0.0.9
websphere_commerce	eq	8.0.0.14
websphere_commerce	eq	8.0.0.8