- Description
- IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 181989
- Source
- psirt@us.ibm.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 3.0
- Type
- Secondary
- Base score
- 5.3
- Impact score
- 3.6
- Exploitability score
- 1.6
- Vector string
- CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 5.8
- Impact score
- 4.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:18.0.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1D36993-75D4-4EDE-8748-A3FDE4C69DF3"
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:19.0.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "90104525-6A11-4A42-8DD8-BFE267FCF306"
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "161542A0-E919-4105-AD4F-C881ACF8D26B"
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "989C89DF-C6CB-45C9-9592-30A83896BD71"
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.6.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "324A0484-C50D-4400-B6FD-23D793F032AD"
}
],
"operator": "OR"
}
]
}
]