CVE-2008-4284: Link Following in IBM WebSphere Application Server

CWE-59: Link Following | 3 documents | 3 sources
Severity
5.8 MEDIUM (NVD)
EPSS
0.4%
top 41.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 10
Latest update: May 2

Description

Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature.

CVSS vector

AV:N/AC:M/C:P/I:N/A:P
Exploitability: 8.6 | Impact: 4.9

Affected Packages: 1 package

NVD: ibm/websphere_application_server (108 versions)

Patches

Vulnerability Details (2)

GHSA
GHSA-x3qj-p2x9-x5g4: Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5 | 2022-05-02
CVEList
CVE-2008-4284: Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5 | 2009-02-10