Vulnerability CVE-2016-0329

Vulnerability CVE-2016-0329

Published: 2018-02-02 Modified: 2018-02-05

Description:

Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 111692.

Type:

CWE-601

(URL Redirection to Untrusted Site ('Open Redirect'))

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.9/10	4.9/10	6.8/10

Exploit range	Attack complexity	Authentication
Remote	Medium	Single time
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	None

Affected software
IBM -> Emptoris sourcing

References:

http://www-01.ibm.com/support/docview.wss?uid=swg21982629

https://exchange.xforce.ibmcloud.com/vulnerabilities/111692

Copyright 2024, cxsecurity.com