CVE-2016-8961
published 2017-02-01CVE-2016-8961: IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a…
medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | bigfix_inventory | <= 9.2 | — |
| ibm | license_metric_tool | — | — |
| ibm_corporation | bigfix_inventory | — | — |