IBM WebSphere Portal CVE-2014-3054 Open Redirection Vulnerability
BID:68924
Info
| Bugtraq ID: | 68924 |
| Class: | Input Validation Error |
| CVE: | CVE-2014-3054 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 25 2014 12:00AM |
| Updated: | Jul 25 2014 12:00AM |
| Credit: | IBM |
| Vulnerable: | IBM WebSphere Portal 8.0.0.1, IBM WebSphere Portal 8.0.0.0, IBM WebSphere Portal 7.0.0.2, IBM WebSphere Portal 7.0.0.1, IBM WebSphere Portal 7.0.0.0 |
| Not Vulnerable: | IBM WebSphere Portal 8.0.0.1 CF12 |
Discussion
IBM WebSphere Portal is prone to an open-redirection vulnerability.
An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.
The following product versions are affected:
WebSphere Portal versions 8.0.0.0 through 8.0.0.1
WebSphere Portal versions 7.0.0.0 through 7.0.0.2 (if catalog shipment 'IBM WebSphere Portal Unified Task List Portlet' is installed)
Exploit / POC
An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.