Lucene search

IbmCVE-2015-7397

HistoryJan 10, 2016 - 3:59 a.m.

CVE-2015-7397

2016-01-1003:59:02

ibm

web.nvd.nist.gov

cve

2015

7397

open redirect

vulnerabilities

ibm

websphere commerce 7.0

phishing

nvd

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

AI Score

7.3

Confidence

High

EPSS

0.003

Percentile

66.0%

JSON

Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referrer parameter.

Affected configurations

Nvd

Node

ibmwebsphere_commerceMatch7.0

VendorProductVersionCPE
ibmwebsphere_commerce7.0cpe:2.3:a:ibm:websphere_commerce:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_commerce	7.0	cpe:2.3:a:ibm:websphere_commerce:7.0:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg1JR54295

www-01.ibm.com/support/docview.wss?uid=swg21969562

www-01.ibm.com/support/docview.wss?uid=swg24041142

www.securitytracker.com/id/1034640

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

AI Score

7.3

Confidence

High

EPSS

0.003

Percentile

66.0%

JSON

Related for CVE-2015-7397