CVE-2010-0715

3 documents3 sources

Severity

6.8MEDIUM

EPSS

0.6%

top 30.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Lotus Quickr IBM Lotus WEB Content Management IBM Lotus Workplace WEB Content Management +1 more

Timeline

PublishedFeb 26

Latest updateMay 2

Description

Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

▶NVDibm/lotus_workplace_web_content_management24 versions+23

▶NVDibm/lotus_web_content_management24 versions+23

▶NVDibm/lotus_quickr5 versions+4

▶NVDibm/websphere_portal24 versions+23

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-2m9h-jfmc-6h86: Open redirect vulnerability in login↗2022-05-02

▶

CVEList

CVE-2010-0715: Open redirect vulnerability in login↗2010-02-26

▶