Open Redirect in Ibm Business_process_manager
CVE-2017-1159
IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerabi…
Vulnerability class: Open Redirect
EPSS: 0.001 (27.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N.
Affected products
- Ibm Business_process_manager — versions 7.5.0.0, 7.5.0.1, 7.5.1.0
- Ibm Corporation Business Process Manager Advanced — versions 8.0, 8.0.1, 8.0.1.1, 8.0.1.2, 8.5, 8.5.0.1, 8.5.5, 8.0.1.3, 8.5.6, 8.5.0.2, 8.5.7, 8.5.7.CF201609, 8.5.6.1, 8.5.6.2, 8.5.7.CF201606, 8.5.7.CF201612
Weakness classification (CWE)
References
- psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- psirt@us.ibm.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
Frequently asked questions
- What is CVE-2017-1159?
- CVE-2017-1159 is a medium-severity vulnerability in Ibm Business_process_manager, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 5.4/10. Published 2017-05-22.
- How severe is CVE-2017-1159?
- Medium severity. CVSS v3 base score is 5.4 out of 10.