CVE-2019-4166

CVSS v3 Score: 7.4 (High)
CVSS v2 Score: 5.8 (Medium)

Vulnerability Description

IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158699.

CVSS:7.4(High)

Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct p...

CVSS:7.4(High)

flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect.

CVSS:7.4(High)

An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be prov...

CVSS:7.4(High)

An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runti...

CVSS:7.4(High)

cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300).

CVSS:7.4(High)

Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.