CVE-2015-2014

CWE-79 — Cross-site Scripting (XSS)CWE-285 CWE-400 — Uncontrolled Resource Consumption CWE-639 — Insecure Direct Object Reference45 documents12 sources

Severity

5.8MEDIUM

EPSS

0.2%

top 57.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Domino

Timeline

PublishedAug 23

Latest updateMay 17

Description

Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via a crafted URL, aka SPR SJAR9DNGDA.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

▶NVDibm/domino5 versions+4

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

EC-CUBE vulnerable to authorization bypass↗2022-05-17

▶

GHSA

GHSA-26rg-rcff-mh7j: Open redirect vulnerability in the web server in IBM Domino 8↗2022-05-13

▶

OSV

libvirt vulnerabilities↗2016-01-12

▶

CVEList

CVE-2015-2014: Open redirect vulnerability in the web server in IBM Domino 8↗2015-08-23

▶

OSV

php5 vulnerabilities↗2015-02-17

▶

💥Exploits & PoCs

Exploit-DB

AirLive (Multiple Products) - OS Command Injection↗2015-07-08

▶

Exploit-DB

Persistent Systems Client Automation - Command Injection Remote Code Execution (Metasploit)↗2015-02-27

▶

Exploit-DB

Lorex LH300 Series - ActiveX Buffer Overflow (PoC)↗2015-01-18

▶

📋Vendor Advisories

Red Hat

openstack-nova: network security group changes are not applied to running instances↗2015-10-05

▶

Red Hat

openstack-nova: Nova instance migration process does not stop when instance is deleted↗2015-06-15

▶

Red Hat

Satellite: stored XSS in user details fields (incomplete fix for CVE-2014-7811)↗2015-03-03

▶

Red Hat

webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)↗2015-01-26

▶

Red Hat

webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)↗2015-01-26

▶

🕵️Threat Intelligence

Unit42

Attack on French Diplomat Linked to Operation Lotus Blossom↗2015-12-18

▶

💬Community

Bugzilla

CVE-2015-7540 samba: DoS to AD-DC due to insufficient checking of asn1 memory allocation↗2015-12-04

▶

Bugzilla

CVE-2015-5240 openstack-neutron: Firewall rules bypass through port update↗2015-08-31

▶

Bugzilla

CVE-2015-6525 libevent: multiple integer overflows in the evbuffer APIs↗2015-08-25

▶

Bugzilla

CVE-2015-3221 openstack-neutron: L2 agent DoS through incorrect allowed address pairs↗2015-06-16

▶

Bugzilla

CVE-2014-1308 webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)↗2015-01-27

▶