CVE-2019-4092

MEDIUM Year: 2019
CVSS v3 Score
6.8
Medium
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-601
View all →

Vulnerability Description

IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 157654.

Related Vulnerabilities

CVE-2016-0204

MEDIUM
CVSS:6.8(Medium)

Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vec...

CWE-6012016

CVE-2016-3040

MEDIUM
CVSS:6.8(Medium)

IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users ...

CWE-6012016

CVE-2016-3047

MEDIUM
CVSS:6.8(Medium)

Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through 4.0.2.14 IF001 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecifie...

CWE-6012016

CVE-2016-5878

MEDIUM
CVSS:6.8(Medium)

Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vecto...

CWE-6012016

CVE-2016-5977

MEDIUM
CVSS:6.8(Medium)

Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0....

CWE-6012016

CVE-2016-9451

MEDIUM
CVSS:6.8(Medium)

Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.

CWE-6012016