CVE-2016-5977

Опубликовано: 26 сент. 2016

Источник: nvd

CVSS3: 6.8

CVSS2: 4.9

EPSS Низкий

Описание

Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg21990216
Vendor Advisory
http://www.securityfocus.com/bid/93139
http://www-01.ibm.com/support/docview.wss?uid=swg21990216
Vendor Advisory
http://www.securityfocus.com/bid/93139

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:tealeaf_customer_experience:*:*:*:*:*:*:*:*

Версия до 8.7 (включая)

cpe:2.3:a:ibm:tealeaf_customer_experience:8.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.1a:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.2a:*:*:*:*:*:*:*

EPSS

Процентиль: 30%

0.00113

Низкий

6.8 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-mwhv-wr6g-vr99