CVE-2015-7397

4 documents4 sources
Severity
7.4HIGH
EPSS
0.3%
top 43.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Commerce
Timeline
PublishedJan 10
Latest updateMay 17

Description

Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referrer parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:NExploitability: 2.8 | Impact: 4.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-4gf7-cp73-grc5: Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 72022-05-17
CVEList
CVE-2015-7397: Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 72016-01-10

💬Community

1
Bugzilla
CVE-2013-7397 async-http-client: SSL/TLS certificate verification is disabled under certain conditions2014-08-26
CVE-2015-7397 (HIGH CVSS 7.4) | Multiple open redirect vulnerabilit | cvebase.io