mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
112 lines
3.7 KiB
JSON
112 lines
3.7 KiB
JSON
{
|
|
"id": "CVE-2015-7428",
|
|
"sourceIdentifier": "psirt@us.ibm.com",
|
|
"published": "2016-02-29T11:59:00.123",
|
|
"lastModified": "2016-03-02T13:42:28.707",
|
|
"vulnStatus": "Analyzed",
|
|
"evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/601.html\">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>\n<br /> <br />\nAppropriate Vendor Advisory Link: <a href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21976358\">HERE</a>",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Vulnerabilidad de redirecci\u00f3n abierta en IBM WebSphere Portal 8.0.x en versiones anteriores a 8.0.0.1 CF20 y 8.5.x en versiones anteriores a 8.5.0.0 CF09 permite a atacantes remotos redirigir a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a trav\u00e9s de una URL manipulada."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 7.4,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 4.0
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.8
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 4.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-Other"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI51589",
|
|
"source": "psirt@us.ibm.com"
|
|
}
|
|
]
|
|
} |