Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-2697

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-26 Aug, 2025 | 16:47
Updated At-26 Aug, 2025 | 17:36
Rejected At-
Credits

IBM Cognos Command Center HTTP Open Redirect

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:26 Aug, 2025 | 16:47
Updated At:26 Aug, 2025 | 17:36
Rejected At:
▼CVE Numbering Authority (CNA)
IBM Cognos Command Center HTTP Open Redirect

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

Affected Products
Vendor
IBM CorporationIBM
Product
Cognos Command Center
CPEs
  • cpe:2.3:a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:cognos_command_center:10.2.5:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • 10.2.4.1
  • 10.2.5
Problem Types
TypeCWE IDDescription
CWECWE-601CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Type: CWE
CWE ID: CWE-601
Description: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Metrics
VersionBase scoreBase severityVector
3.17.4HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

IBM strongly recommends addressing the vulnerability now by upgrading. Affected Product(s)VersionFixIBM Cognos Command Center10.2.5 IBM Cognos Command Center 10.2.5 FP1 IF1 available for download from Fix Central https://www.ibm.com/support/pages/node/7239167 IBM Cognos Command Center10.2.4.1 IBM Cognos Command Center 10.2.5 FP1 IF1 available for download from Fix Central https://www.ibm.com/support/pages/node/7239167

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7242159
vendor-advisory
patch
Hyperlink: https://www.ibm.com/support/pages/node/7242159
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:26 Aug, 2025 | 17:15
Updated At:02 Sep, 2025 | 18:06

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.4HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Primary3.19.3CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Type: Primary
Version: 3.1
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
CPE Matches
IBM Corporation
ibm
>>cognos_command_center>>10.2.4.1
cpe:2.3:a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>cognos_command_center>>10.2.5
cpe:2.3:a:ibm:cognos_command_center:10.2.5:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-601Primarypsirt@us.ibm.com
CWE ID: CWE-601
Type: Primary
Source: psirt@us.ibm.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.ibm.com/support/pages/node/7242159psirt@us.ibm.com
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7242159
Source: psirt@us.ibm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

56Records found
CVE-2020-4653
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 35.97%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 12:35
Updated-16 Sep, 2024 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analyticsPlanning Analytics
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-4598
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.02%
||
7 Day CHG~0.00%
Published-24 Aug, 2020 | 15:30
Updated-16 Sep, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 184823.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_guardium_insightslinux_kernelSecurity Guardium Insights
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2016-0329
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 24.87%
||
7 Day CHG~0.00%
Published-02 Feb, 2018 | 21:00
Updated-05 Aug, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 111692.

Action-Not Available
Vendor-n/aIBM Corporation
Product-emptoris_sourcingn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-41559
Matching Score-4
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-4
Assigner-TIBCO Software Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.98% / 76.41%
||
7 Day CHG~0.00%
Published-12 Dec, 2022 | 01:49
Updated-22 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Nimbus Open Redirect Vulnerability

The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: version 10.5.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-nimbusTIBCO Nimbus
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-6741
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-6.5||MEDIUM
EPSS-0.67% / 70.89%
||
7 Day CHG~0.00%
Published-03 Jun, 2019 | 18:15
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must connect to a wireless network. The specific flaw exists within the captive portal. By manipulating HTML, an attacker can force a page redirection. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7476.

Action-Not Available
Vendor-Samsung
Product-galaxy_s9galaxy_s9_firmwareGalaxy S9
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-21354
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-0.84% / 74.39%
||
7 Day CHG~0.00%
Published-08 Mar, 2021 | 19:05
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open redirect in pollbot

Pollbot is open source software which "frees its human masters from the toilsome task of polling for the state of things during the Firefox release process." In Pollbot before version 1.4.4 there is an open redirection vulnerability in the path of "https://pollbot.services.mozilla.com/". An attacker can redirect anyone to malicious sites. To Reproduce type in this URL: "https://pollbot.services.mozilla.com//evil.com/". Affected versions will redirect to that website when you inject a payload like "//evil.com/". This is fixed in version 1.4.4.

Action-Not Available
Vendor-Mozilla Corporation
Product-pollbotPollBot
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
  • Previous
  • 1
  • 2
  • Next
Details not found