CVE-2025-2697

Опубликовано: 26 авг. 2025

Источник: nvd

CVSS3: 7.4

CVSS3: 9.3

EPSS Низкий

Описание

IBM Cognos Command Center 10.2.4.1 and 10.2.5

could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

Ссылки

https://www.ibm.com/support/pages/node/7242159
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cognos_command_center:10.2.5:*:*:*:*:*:*:*

EPSS

Процентиль: 8%

0.00029

Низкий

7.4 High

CVSS3

9.3 Critical

CVSS3

Дефекты

CWE-601

Связанные уязвимости

GHSA-5266-q47c-7q7c

CVSS3: 7.4

github

6 месяцев назад

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

EPSS

Процентиль: 8%

0.00029

Низкий

7.4 High

CVSS3

9.3 Critical

CVSS3

Дефекты

CWE-601