Lucene search

MitreCVE-2010-3473

HistorySep 20, 2010 - 10:00 p.m.

CVE-2010-3473

2010-09-2022:00:04

CWE-20

mitre

web.nvd.nist.gov

cve-2010-3473

open redirect

workplace

wp component

ibm filenet

p8ae

phishing

vulnerability

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.004

Percentile

72.5%

JSON

Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Affected configurations

Nvd

Node

ibmfilenet_p8_application_engineMatch3.5.1

ibmfilenet_p8_application_engineMatch3.5.1001

ibmfilenet_p8_application_engineMatch3.5.1002

ibmfilenet_p8_application_engineMatch3.5.1003

ibmfilenet_p8_application_engineMatch3.5.1004

ibmfilenet_p8_application_engineMatch3.5.1005

ibmfilenet_p8_application_engineMatch3.5.1006

ibmfilenet_p8_application_engineMatch3.5.1007

ibmfilenet_p8_application_engineMatch3.5.1008

ibmfilenet_p8_application_engineMatch3.5.1009

ibmfilenet_p8_application_engineMatch3.5.1010

ibmfilenet_p8_application_engineMatch3.5.1011

ibmfilenet_p8_application_engineMatch3.5.1012

ibmfilenet_p8_application_engineMatch3.5.1013

ibmfilenet_p8_application_engineMatch3.5.1014

ibmfilenet_p8_application_engineMatch3.5.1015

ibmfilenet_p8_application_engineMatch3.5.1016

ibmfilenet_p8_application_engineMatch3.5.1017

ibmfilenet_p8_application_engineMatch3.5.1018

ibmfilenet_p8_application_engineMatch3.5.1019

ibmfilenet_p8_application_engineMatch3.5.1020

VendorProductVersionCPE
ibmfilenet_p8_application_engine3.5.1cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:*:*:*:*:*:*:*
ibmfilenet_p8_application_engine3.5.1cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:001:*:*:*:*:*:*
ibmfilenet_p8_application_engine3.5.1cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:002:*:*:*:*:*:*
ibmfilenet_p8_application_engine3.5.1cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:003:*:*:*:*:*:*
ibmfilenet_p8_application_engine3.5.1cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:004:*:*:*:*:*:*
ibmfilenet_p8_application_engine3.5.1cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:005:*:*:*:*:*:*
ibmfilenet_p8_application_engine3.5.1cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:006:*:*:*:*:*:*
ibmfilenet_p8_application_engine3.5.1cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:007:*:*:*:*:*:*
ibmfilenet_p8_application_engine3.5.1cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:008:*:*:*:*:*:*
ibmfilenet_p8_application_engine3.5.1cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:009:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	filenet_p8_application_engine	3.5.1	cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:::::::*
ibm	filenet_p8_application_engine	3.5.1	cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:001::::::
ibm	filenet_p8_application_engine	3.5.1	cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:002::::::
ibm	filenet_p8_application_engine	3.5.1	cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:003::::::
ibm	filenet_p8_application_engine	3.5.1	cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:004::::::
ibm	filenet_p8_application_engine	3.5.1	cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:005::::::
ibm	filenet_p8_application_engine	3.5.1	cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:006::::::
ibm	filenet_p8_application_engine	3.5.1	cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:007::::::
ibm	filenet_p8_application_engine	3.5.1	cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:008::::::
ibm	filenet_p8_application_engine	3.5.1	cpe:2.3:a:ibm:filenet_p8_application_engine:3.5.1:009::::::

Rows per page:

1-10 of 211

References

download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm

secunia.com/advisories/41458

www-01.ibm.com/support/docview.wss?uid=swg1PJ37180

www.securityfocus.com/bid/43272

www.vupen.com/english/advisories/2010/2419

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.004

Percentile

72.5%

JSON

Related for CVE-2010-3473