CVE-2018-1875

CWE-601Open Redirect3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.1%
top 65.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Infosphere Information Governance CatalogIBM Infosphere Information Server ON Cloud
Timeline
PublishedMar 5
Latest updateMay 13

Description

IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:NExploitability: 2.8 | Impact: 4.0

Affected Packages4 packages

CVEListV5ibm/infosphere_information_governance_catalog11.3, 11.5, 11.7+2
NVDibm/infosphere_information11.5, 11.7+1

🔴Vulnerability Details

2
GHSA
GHSA-p359-3m6v-h795: IBM InfoSphere Information Governance Catalog 112022-05-13
CVEList
CVE-2018-1875: IBM InfoSphere Information Governance Catalog 112019-03-05
CVE-2018-1875 (MEDIUM CVSS 6.1) | IBM InfoSphere Information Governan | cvebase.io