CVE-2017-1534

Опубликовано: 10 янв. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676.

Ссылки

http://www.ibm.com/support/docview.wss?uid=swg22008936
Vendor Advisory
http://www.securityfocus.com/bid/102509
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040169
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/130676
VDB Entry
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg22008936
Vendor Advisory
http://www.securityfocus.com/bid/102509
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040169
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/130676
VDB Entry
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.1:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.2:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.3:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.4:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.5:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.2:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.3:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.4:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.5:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.6:*:*:*:*:*:*:*

cpe:2.3:h:ibm:security_access_manager_for_web_appliance:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из

cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.6:*:*:*:*:*:*:*

cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

Одно из

cpe:2.3:o:ibm:security_access_manager_firmware:9.0.0:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_firmware:9.0.0.1:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_firmware:9.0.1.0:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_firmware:9.0.2.0:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_firmware:9.0.2.1:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_firmware:9.0.3:*:*:*:*:*:*:*

cpe:2.3:h:ibm:security_access_manager_appliance:-:*:*:*:*:*:*:*

EPSS

Процентиль: 52%

0.00291

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-26j3-2p2r-5mwf

CVSS3: 6.1

github

больше 3 лет назад

EPSS

Процентиль: 52%

0.00291

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601