IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/291026 | VDB Entry |
https://www.ibm.com/support/pages/node/7166712 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Sep 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. |
06 Sep 2024, 22:55
Type | Values Removed | Values Added |
---|---|---|
First Time |
Ibm security Verify Access Docker
Ibm Ibm security Verify Access |
|
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/291026 - VDB Entry | |
References | () https://www.ibm.com/support/pages/node/7166712 - Vendor Advisory | |
CPE | cpe:2.3:a:ibm:security_verify_access_docker:*:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.2 |
30 Aug 2024, 13:00
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
29 Aug 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-29 17:15
Updated : 2024-09-21 10:15
NVD link : CVE-2024-35133
Mitre link : CVE-2024-35133
CVE.ORG link : CVE-2024-35133
JSON object : View
Products Affected
ibm
- security_verify_access
- security_verify_access_docker
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')