FKIE_CVE-2018-1736
Vulnerability from fkie_nvd - Published: 2018-09-27 19:29 - Updated: 2024-11-21 04:00
Severity ?
7.4 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/105490 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1041753 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/147906 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10729683 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105490 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041753 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/147906 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10729683 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1F28C710-8FDB-4474-B6EF-5835D4D7FE43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf011:*:*:*:*:*:*",
"matchCriteriaId": "DF8105DA-2519-428D-AB09-01EEF2FF6FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf012:*:*:*:*:*:*",
"matchCriteriaId": "B2824CB0-BBC6-4AD5-993C-91E1CF293B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf013:*:*:*:*:*:*",
"matchCriteriaId": "56AF2117-2F73-4729-84DC-72B8B235C581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf014:*:*:*:*:*:*",
"matchCriteriaId": "303EE4F0-9C7A-4B0B-8BBB-852C68A802E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf015:*:*:*:*:*:*",
"matchCriteriaId": "4967BA17-DD56-42A7-812A-7B6EE74C6E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9DD708E8-67BE-48D7-AD76-FDA753426862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf017:*:*:*:*:*:*",
"matchCriteriaId": "AC8DAFF7-9410-40E2-805A-580B82EA0667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf018:*:*:*:*:*:*",
"matchCriteriaId": "D06D62C6-13EF-42BA-BEBE-C3F9A42F5AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf020:*:*:*:*:*:*",
"matchCriteriaId": "38D755C0-82CA-45EA-9D89-6172D98B78F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6007CA87-31CA-44AB-AB7F-788E17AB85F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf023:*:*:*:*:*:*",
"matchCriteriaId": "B44130DA-8BBC-4CC5-BD20-E05CE32AB1F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf024:*:*:*:*:*:*",
"matchCriteriaId": "D42C69F1-2877-419A-AB64-74687A11F070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf025:*:*:*:*:*:*",
"matchCriteriaId": "B6D45C1D-CCF2-4281-B132-4931B33BA48D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf026:*:*:*:*:*:*",
"matchCriteriaId": "8CB0EDF6-2EC7-4C03-8597-9E034DBB3BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf027:*:*:*:*:*:*",
"matchCriteriaId": "847994E6-C322-46EB-B089-9D1752E42987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf028:*:*:*:*:*:*",
"matchCriteriaId": "79FD9027-FA61-4AB0-A945-7329B609A9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf029:*:*:*:*:*:*",
"matchCriteriaId": "07EDE452-4C88-4DA9-91E9-F0722009C773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf030:*:*:*:*:*:*",
"matchCriteriaId": "E0D7936A-478C-44AA-B9DD-2165BA482AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5DB13754-BB23-48D8-9BDC-E8FF552DEA52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "5A244AB2-9EBB-4A7D-BED7-CA92903268C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "AA4AD694-EA0E-4910-A3F9-EEDC510AFDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf13:*:*:*:*:*:*",
"matchCriteriaId": "783AA775-7257-45C8-A246-A71E559B459D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf14:*:*:*:*:*:*",
"matchCriteriaId": "02F014F7-1F35-4982-98F5-B22E86544E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf15:*:*:*:*:*:*",
"matchCriteriaId": "535E3EAE-8286-4751-8DAF-707A0F2F160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf16:*:*:*:*:*:*",
"matchCriteriaId": "E6708150-6E0D-4B0C-98A0-A42CAF20D3E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf17:*:*:*:*:*:*",
"matchCriteriaId": "96849F67-1B41-4265-8046-B29C5469DA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf18:*:*:*:*:*:*",
"matchCriteriaId": "2074093E-8F1A-442D-8972-57FE73044079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf19:*:*:*:*:*:*",
"matchCriteriaId": "1B46BD8B-AFA5-4660-9983-ED9FB5E26A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf20:*:*:*:*:*:*",
"matchCriteriaId": "3FFF0BC7-42C0-4E4F-836E-8F1B31E1C420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf21:*:*:*:*:*:*",
"matchCriteriaId": "5655ED83-06C7-4828-A38D-18E92555C48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf22:*:*:*:*:*:*",
"matchCriteriaId": "14C80CD3-F5CB-4B64-98D5-C00A73233979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf23:*:*:*:*:*:*",
"matchCriteriaId": "2A7D9B77-F154-405C-9E94-B4EAA087E766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "7EE3B00E-D18B-43C4-BD15-7E8E1AFDA8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "704EF027-9DEF-4079-BBFE-A64DB757EAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "9928D9CB-4817-4782-808F-6A4FBA87D820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "758F9176-3EDF-469E-946E-B35C2D212029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "AFBD1F79-9AB1-4699-B5B8-315CFEFFDEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "764E04B9-F754-4118-B34F-71D5EF38660F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "46A3712D-DCB1-4631-B114-AD5A48313CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A79C66A0-6482-4E93-94B1-348B3FFA4541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf08:*:*:*:*:*:*",
"matchCriteriaId": "2D0259BA-FD5D-4236-9AA3-13EE738B3F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf09:*:*:*:*:*:*",
"matchCriteriaId": "34EB80B8-CE15-4F0B-BC98-6AAE7148C5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf10:*:*:*:*:*:*",
"matchCriteriaId": "DEFF296A-8B82-493E-9A1E-DB4D1976621E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf11:*:*:*:*:*:*",
"matchCriteriaId": "1FC3D249-FA1A-4A2D-B0F7-3289E0563236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf12:*:*:*:*:*:*",
"matchCriteriaId": "169B283C-4FAD-4201-B26C-53E57D057136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf13:*:*:*:*:*:*",
"matchCriteriaId": "2867E5D2-5982-4178-B9F7-E4E82E7A97FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "4D2524C0-6CA2-4836-928D-A9F139F00D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "68857CCD-F5AD-4D96-AB3A-103B2233B909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5B2F4AE1-AFBF-487D-B891-40D94C50F8B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "FA49E417-1CED-4E49-ABC9-51E321271498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "CAA46610-A694-4524-8BD3-8A4B22E0F1AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906."
},
{
"lang": "es",
"value": "IBM WebSphere Portal en sus versiones 7.0, 8.0, 8.5 y 9.0 podr\u00eda permitir que un atacante remoto lleve a cabo ataques de phishing empleando un ataque de redirecci\u00f3n abierta. Al persuadir a una v\u00edctima para que visite un sitio web especialmente manipulado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para suplantar la URL mostrada y redirigir al usuario a un sitio web malicioso que, a priori, parecer\u00eda de confianza. Esto podr\u00eda permitir que el atacante obtuviese informaci\u00f3n sumamente sensible o que llevase a cabo m\u00e1s ataques contra la v\u00edctima. IBM X-Force ID: 147906."
}
],
"id": "CVE-2018-1736",
"lastModified": "2024-11-21T04:00:16.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-27T19:29:00.510",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105490"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041753"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147906"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729683"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…