Byte Open Security

(ByteOS Network)

Vulnerability Details :

CVE-2014-0878

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-26 May, 2014 | 19:00
Updated At-06 Aug, 2024 | 09:27

The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output.

Common Vulnerabilities and Exposures (CVE)
cve.org
CVE Numbering Authority (CNA)

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
Type: text
CWE ID: N/A
Description: n/a
References
Hyperlink | Resource
http://secunia.com/advisories/59022
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21680750
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21679610
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676672
x_refsource_CONFIRM
http://secunia.com/advisories/59058
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/61264
third-party-advisory
x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/91084
vdb-entry
x_refsource_XF
http://www-01.ibm.com/support/docview.wss?uid=swg21689593
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21681256
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21674539
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21686717
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21683484
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21673836
x_refsource_CONFIRM
http://www.ibm.com/support/docview.wss?uid=swg21677387
x_refsource_CONFIRM
http://secunia.com/advisories/59023
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21676746
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21672043
x_refsource_CONFIRM
http://www.securityfocus.com/bid/67601
vdb-entry
x_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg21679713
x_refsource_CONFIRM
http://www.ibm.com/support/docview.wss?uid=swg21675343
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21676703
x_refsource_CONFIRM
http://www.ibm.com/support/docview.wss?uid=swg21675588
x_refsource_CONFIRM
Authorized Data Publishers (ADP)
CVE Program Container
References
Hyperlink | Resource
http://secunia.com/advisories/59022
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg21680750
x_refsource_CONFIRM
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg21679610
x_refsource_CONFIRM
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg21676672
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/59058
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/61264
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/91084
vdb-entry
x_refsource_XF
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg21689593
x_refsource_CONFIRM
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg21681256
x_refsource_CONFIRM
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg21674539
x_refsource_CONFIRM
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg21686717
x_refsource_CONFIRM
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg21683484
x_refsource_CONFIRM
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg21673836
x_refsource_CONFIRM
x_transferred
http://www.ibm.com/support/docview.wss?uid=swg21677387
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/59023
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg21676746
x_refsource_CONFIRM
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg21672043
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/67601
vdb-entry
x_refsource_BID
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg21679713
x_refsource_CONFIRM
x_transferred
http://www.ibm.com/support/docview.wss?uid=swg21675343
x_refsource_CONFIRM
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg21676703
x_refsource_CONFIRM
x_transferred
http://www.ibm.com/support/docview.wss?uid=swg21675588
x_refsource_CONFIRM
x_transferred
National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:26 May, 2014 | 19:55
Updated At:12 Apr, 2025 | 10:46

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
CPE Matches

Vendor: IBM Corporation (ibm), Product: java_sdk

cpe:2.3:a:ibm:java_sdk:6.0.0.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.1.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.2.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.3.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.4.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.5.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.6.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.7.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.8.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.8.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.9.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.9.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.9.2:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.10.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.10.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.11.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.12.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.13.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.13.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.13.2:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.14.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.15.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.15.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.0.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.11.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.11.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.11.2:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.12.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.12.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.12.2:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.12.3:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.12.4:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.12.5:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.13.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.14.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.15.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.16.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.16.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.16.2:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.16.3:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.16.4:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.16.5:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.0.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.1.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.2.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.3.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.4.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.4.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.4.2:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.5.0:*:*:*:technology:*:*:*
Weaknesses
CWE ID: CWE-310
Type: Primary
Source: nvd@nist.gov
References
Hyperlink: http://secunia.com/advisories/59022
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/59023
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/59058
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/61264
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21672043
Source: psirt@us.ibm.com
Resource: Vendor Advisory
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21673836
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21674539
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21676672
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21676703
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21676746
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21679610
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21679713
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21680750
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21681256
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21683484
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21686717
Source: psirt@us.ibm.com
Resource: Vendor Advisory
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21689593
Source: psirt@us.ibm.com
Resource: Vendor Advisory
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21675343
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21675588
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21677387
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/67601
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/91084
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/59022
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/59023
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/59058
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/61264
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21672043
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Vendor Advisory
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21673836
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21674539
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21676672
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21676703
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21676746
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21679610
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21679713
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21680750
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21681256
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21683484
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21686717
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Vendor Advisory
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21689593
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Vendor Advisory
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21675343
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21675588
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21677387
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/67601
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/91084
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A


Similar CVEs

78 Records found

CVE-2017-1534
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 52.09%
||
7 Day CHG~0.00%
Published-10 Jan, 2018 | 17:00
Updated-17 Sep, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676.

Action-Not Available
Vendor-IBM Corporation
Product-security_access_manager_for_web_appliancesecurity_access_manager_appliancesecurity_access_manager_firmwaresecurity_access_manager_for_mobile_appliancesecurity_access_manager_for_web_firmwaresecurity_access_manager_for_mobileSecurity Access Manager
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2017-1450
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.15% / 35.58%
||
7 Day CHG~0.00%
Published-31 Aug, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177.

Action-Not Available
Vendor-IBM Corporation
Product-emptoris_sourcingEmptoris Sourcing
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2013-5431
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.8||MEDIUM
EPSS-1.31% / 79.45%
||
7 Day CHG~0.00%
Published-01 Nov, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_federated_identity_managertivoli_federated_identity_manager_business_gatewayn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-1489
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.21% / 43.24%
||
7 Day CHG~0.00%
Published-28 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.

Action-Not Available
Vendor-IBM Corporation
Product-security_access_manager_for_mobiletivoli_access_manager_for_e-businesssecurity_access_manager_for_web_softwaresecurity_access_manager_for_websecurity_access_manager_for_web_appliancesecurity_access_managerSecurity Access Manager for Web
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2017-1428
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.26% / 48.76%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 127583.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_analyticsCognos Analytics
CWE ID-CWE-20
Improper Input Validation
CVE-2017-1398
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.15% / 35.79%
||
7 Day CHG~0.00%
Published-10 Jul, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_commerceWebSphere Commerce Enterprise
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2017-1262
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.32% / 54.56%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 124737.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardium
CWE ID-CWE-113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CVE-2017-1195
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.15% / 35.58%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670.

Action-Not Available
Vendor-IBM Corporation
Product-curam_social_program_managementCúram Social Program Management
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2016-8947
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.21% / 43.53%
||
7 Day CHG~0.00%
Published-12 Jul, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118834

Action-Not Available
Vendor-IBM Corporation
Product-emptoris_sourcingEmptoris Sourcing
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2016-8961
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.15% / 36.17%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationHP Inc.IBM CorporationMicrosoft Corporation
Product-bigfix_inventorylicense_metric_toolaixsolarishp-uxlinux_kernelwindowsBigFix Inventory
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2016-6027
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.39%
||
7 Day CHG~0.00%
Published-06 Oct, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sterling_secure_proxyn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-4654
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-16 Sep, 2024 | 23:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 170965.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelQRadarQradar
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-4595
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.19% / 40.76%
||
7 Day CHG~0.00%
Published-24 Feb, 2020 | 15:35
Updated-16 Sep, 2024 | 23:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 167878.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-4631
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.28% / 51.39%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 18:30
Updated-16 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Secret Server 10.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 170001.

Action-Not Available
Vendor-IBM Corporation
Product-security_secret_serverSecurity Secret Server
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-4166
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.20% / 41.98%
||
7 Day CHG-0.00%
Published-30 Apr, 2019 | 14:25
Updated-16 Sep, 2024 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158699.

Action-Not Available
Vendor-IBM Corporation
Product-storediqStoredIQ
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-4552
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.15% / 35.55%
||
7 Day CHG~0.00%
Published-15 Oct, 2020 | 12:40
Updated-16 Sep, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960.

Action-Not Available
Vendor-IBM Corporation
Product-security_access_managersecurity_verify_accessSecurity Verify AccessSecurity Access Manager
CVE-2019-4538
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.18% / 39.02%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 14:45
Updated-16 Sep, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 165660.

Action-Not Available
Vendor-IBM Corporation
Product-security_directory_serverSecurity Directory Server
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-4109
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.18% / 39.73%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 15:20
Updated-16 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 158102.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_extreme_scaleWebSphere eXtreme Scale
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2019-4092
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 35.97%
||
7 Day CHG~0.00%
Published-25 Apr, 2019 | 14:36
Updated-16 Sep, 2024 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 157654.

Action-Not Available
Vendor-IBM Corporation
Product-content_navigatorContent Navigator
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-4201
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.18% / 39.02%
||
7 Day CHG~0.00%
Published-06 Jun, 2019 | 00:35
Updated-16 Sep, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 159122.

Action-Not Available
Vendor-IBM Corporation
Product-jazz_for_service_managementJazz for Service Management
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2010-3473
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.32% / 54.63%
||
7 Day CHG~0.00%
Published-20 Sep, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-filenet_p8_application_enginen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-5032
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.28% / 50.76%
||
7 Day CHG~0.00%
Published-16 Dec, 2010 | 19:45
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The encrypted e-mail feature in IBM Lotus Notes Traveler before 8.5.0.2 sends unencrypted messages when the feature is used without uploading a Notes ID file, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_notes_travelern/a
CVE-2020-4409
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.16% / 37.17%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 15:55
Updated-16 Sep, 2024 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_equipment_maintenance_assistantmaximo_for_transportationmaximo_calibrationcontrol_desktivoli_integration_composermaximo_asset_managementmaximo_for_oil_and_gasmaximo_asset_health_insightsmaximo_linear_asset_managermaximo_enterprise_adaptermaximo_for_nuclear_powermaximo_for_aviationmaximo_for_service_providersmaximo_for_life_sciencesmaximo_spatial_asset_managementmaximo_network_on_blockchainmaximo_asset_configuration_managermaximo_asset_management_scheduler_plusmaximo_for_utilitiesmaximo_asset_management_schedulerMaximo Asset Management
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-4882
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.12% / 31.48%
||
7 Day CHG~0.00%
Published-22 Mar, 2021 | 17:00
Updated-16 Sep, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 190852.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analyticsPlanning Analytics
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-4849
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.11%
||
7 Day CHG~0.00%
Published-15 Dec, 2020 | 14:45
Updated-16 Sep, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix 7 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 190294.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_netcool\/impactTivoli Netcool Impact
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-4653
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 35.97%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 12:35
Updated-16 Sep, 2024 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analyticsPlanning Analytics
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-4598
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.02%
||
7 Day CHG~0.00%
Published-24 Aug, 2020 | 15:30
Updated-16 Sep, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 184823.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_guardium_insightslinux_kernelSecurity Guardium Insights
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-4490
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 30.65%
||
7 Day CHG~0.00%
Published-29 May, 2020 | 13:10
Updated-17 Sep, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 181989

Action-Not Available
Vendor-IBM Corporation
Product-business_automation_workflowbusiness_process_managerBusiness Automation WorkflowBusiness Process Manager Advanced