IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 153319.
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/107302 | Third Party Advisory VDB Entry |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/153319 | VDB Entry Vendor Advisory |
| https://www.ibm.com/support/docview.wss?uid=ibm10871652 | Vendor Advisory |
| http://www.securityfocus.com/bid/107302 | Third Party Advisory VDB Entry |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/153319 | VDB Entry Vendor Advisory |
| https://www.ibm.com/support/docview.wss?uid=ibm10871652 | Vendor Advisory |
Configurations
History
21 Nov 2024, 04:00
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://www.securityfocus.com/bid/107302 - Third Party Advisory, VDB Entry | |
| References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/153319 - VDB Entry, Vendor Advisory | |
| References | () https://www.ibm.com/support/docview.wss?uid=ibm10871652 - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 6.8 |
Information
Published : 2019-03-05 18:29
Updated : 2024-11-21 04:00
NVD link : CVE-2018-1939
Mitre link : CVE-2018-1939
CVE.ORG link : CVE-2018-1939
JSON object : View
Products Affected
ibm
- cloud_private
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')