CVE-2018-1704Open Redirect in IBM Platform Symphony

CWE-601Open Redirect4 documents4 sources
Severity
5.4MEDIUMNVD
CNA6.8
EPSS
0.1%
top 75.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Platform SymphonyIBM Spectrum Symphony
Timeline
PublishedSep 28
Latest updateMay 13

Description

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages4 packages

CVEListV5ibm/platform_symphony7.1, 7.1.1+1
CVEListV5ibm/spectrum_symphony7.1.2, 7.2.0.2+1
NVDibm/platform_symphony7.1, 7.1.1+1
NVDibm/spectrum_symphony7.1.2, 7.2.0.2+1

🔴Vulnerability Details

2
GHSA
GHSA-6v49-cm4j-5rg6: IBM Platform Symphony 72022-05-13
CVEList
CVE-2018-1704: IBM Platform Symphony 72018-09-28

💬Community

1
Bugzilla
CVE-2017-7561 resteasy: Vary header not added by CORS filter leading to cache poisoning2017-08-22
CVE-2018-1704 — Open Redirect in IBM Platform Symphony | cvebase