Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-12 | CVE-2015-6501 | Open Redirect vulnerability in Puppet Enterprise Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter. | 5.8 |
| 2016-12-16 | CVE-2016-6657 | Open Redirect vulnerability in Pivotal Software products An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. | 5.8 |
| 2016-12-15 | CVE-2016-3174 | Open Redirect vulnerability in Open-Xchange Appsuite An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. | 4.3 |
| 2016-12-01 | CVE-2016-3047 | Open Redirect vulnerability in IBM Filenet Workplace 4.0.2 Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through 4.0.2.14 IF001 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 4.9 |
| 2016-11-25 | CVE-2016-9451 | Open Redirect vulnerability in Drupal Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors. | 4.9 |
| 2016-10-16 | CVE-2016-0204 | Open Redirect vulnerability in IBM Cloud Orchestrator 2.4.0.0/2.4.0.1/2.4.0.2 Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.8 |
| 2016-10-07 | CVE-2016-1000001 | Open Redirect vulnerability in Flask-Oidc Project Flask-Oidc 0.1.0/0.1.1/0.1.2 flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect | 5.8 |
| 2016-09-30 | CVE-2016-6636 | Open Redirect vulnerability in multiple products The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain. | 5.0 |
| 2016-09-26 | CVE-2016-5977 | Open Redirect vulnerability in IBM Tealeaf Customer Experience Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 4.9 |
| 2016-09-26 | CVE-2016-3040 | Open Redirect vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0 IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 4.9 |