CVE-2016-0204 — Open Redirect in IBM Cloud Orchestrator

CWE-601 — Open Redirect4 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

0.2%

top 63.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cloud Orchestrator

Timeline

PublishedOct 16

Latest updateMay 14

Description

Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:NExploitability: 2.3 | Impact: 4.0

Affected Packages1 packages

▶NVDibm/cloud_orchestrator2.4.0.0, 2.4.0.1, 2.4.0.2+2

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-qc9f-5c9x-x8xf: Open redirect vulnerability in IBM Cloud Orchestrator 2↗2022-05-14

▶

CVEList

CVE-2016-0204: Open redirect vulnerability in IBM Cloud Orchestrator 2↗2016-10-16

▶

💥Exploits & PoCs

Nuclei

WordPress Pondol Form to Mail <=1.1 - Cross-Site Scripting

▶