CVE-2014-8894 — IBM Tririga Application Platform vulnerability

3 documents3 sources

Severity

4.9MEDIUMNVD

EPSS

0.2%

top 60.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tririga Application Platform

Timeline

PublishedJan 29

Latest updateMay 17

Description

Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 6.8 | Impact: 4.9

Affected Packages1 packages

▶NVDibm/tririga_application_platform7 versions+6

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-g5hh-g7vq-mqpf: Open redirect vulnerability in IBM TRIRIGA Application Platform 3↗2022-05-17

▶

CVEList

CVE-2014-8894: Open redirect vulnerability in IBM TRIRIGA Application Platform 3↗2015-01-29

▶