Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2016-12-01 | CVE-2016-3047 | Open Redirect vulnerability in IBM Filenet Workplace 4.0.2 | Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through 4.0.2.14 IF001 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 6.8 |
2016-11-25 | CVE-2016-9451 | Open Redirect vulnerability in Drupal | Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors. | 6.8 |
2016-10-16 | CVE-2016-0204 | Open Redirect vulnerability in IBM Cloud Orchestrator 2.4.0.0/2.4.0.1/2.4.0.2 | Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 6.8 |
2016-10-07 | CVE-2016-1000001 | Open Redirect vulnerability in Flask-Oidc Project Flask-Oidc 0.1.0/0.1.1/0.1.2 | flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect. | 7.4 |
2016-09-30 | CVE-2016-6636 | Open Redirect vulnerability in multiple products | The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain. | 5.3 |
2016-09-26 | CVE-2016-5977 | Open Redirect vulnerability in IBM Tealeaf Customer Experience | Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 6.8 |
2016-09-26 | CVE-2016-3040 | Open Redirect vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0 | IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 6.8 |
2016-09-18 | CVE-2016-0928 | Open Redirect vulnerability in Pivotal Cloud Foundry Elastic Runtime | Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 7.4 |
2016-08-08 | CVE-2016-5878 | Open Redirect vulnerability in IBM Filenet Workplace | Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 6.8 |
2016-07-22 | CVE-2016-4604 | Open Redirect vulnerability in Apple Safari | Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number. | 5.4 |