CVE-2016-5977

Published Sep 26, 2016

Last updated 8 years ago

Overview

Description: Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Source: psirt@us.ibm.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.8
Impact score: 4
Exploitability score: 2.3
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.9
Impact score: 4.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-601

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:tealeaf_customer_experience:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F356136-5E64-43D5-94D2-A08934DEBD1C",
            "versionEndIncluding": "8.7"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tealeaf_customer_experience:8.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBAC9796-BA52-48AF-9326-3C2343BE2342"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D705DD1-8F24-49B4-8D05-F0403A625016"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D66B990-2034-46D9-AF8D-DE69B3161F38"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.1a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50EC1311-629F-401B-9AE3-8ECDE0CBF330"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2AFA47D5-AC5B-4A1B-83A6-EE5D49ECE489"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.2a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5FE2E49-88CF-4D61-8097-B3146A47BAED"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Configurations

References