5.4.1.0

CVSS 3.5 - LOW

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

ibm

NVD

Published: 2014-05-30

Updated: 2017-08-29

Summary

Open redirect vulnerability in IBM Sterling Control Center 5.4.0 before 5.4.0.1 iFix 3 and 5.4.1 before 5.4.1.0 iFix 2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. Per: http://cwe.mitre.org/data/definitions/601.html CWE-601: URL Redirection to Untrusted Site

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Sterling Control Center 5.4.0 IBM Sterling Control Center 5.4.0.1 IBM Sterling Control Center 5.4.1.0	3

References

http://www-01.ibm.com/support/docview.wss?uid=swg21673004
https://exchange.xforce.ibmcloud.com/vulnerabilities/92078