Описание
IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check authorization for changes to the set of authentication hosts, which allows remote authenticated users to perform spoofing attacks involving an HTTP redirect via unspecified vectors.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:rational_policy_tester:8.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_policy_tester:8.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_policy_tester:8.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_policy_tester:8.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_policy_tester:8.5.0.4:*:*:*:*:*:*:*
EPSS
Процентиль: 35%
0.00143
Низкий
4 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
больше 3 лет назад
IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check authorization for changes to the set of authentication hosts, which allows remote authenticated users to perform spoofing attacks involving an HTTP redirect via unspecified vectors.
EPSS
Процентиль: 35%
0.00143
Низкий
4 Medium
CVSS2
Дефекты
CWE-287