How severe is CVE-2017-1156?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2017-1156?

This is classified as CWE-601, which is a common weakness in software security.

CVE-2017-1156 - HIGH Severity | CVSS 8.8

Vulnerability Description

IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 122592

Related Vulnerabilities

CVE-2016-9078

HIGH

CVSS:8.8(High)

Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it load...

CWE-6012016

CVE-2017-1000117

HIGH

CVSS:8.8(High)

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such...

CWE-6012017

CVE-2017-11879

HIGH

CVSS:8.8(High)

ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability".

CWE-6012017

CVE-2019-10751

HIGH

CVSS:8.8(High)

All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory...

CWE-6012019

CVE-2022-41204

HIGH

CVSS:8.8(High)

An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from ...

CWE-6012022

CVE-2024-26504

HIGH

CVSS:8.8(High)

An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst parameter.

CWE-6012024