IBM WebSphere Portal CVE-2014-4760 Open Redirection Vulnerability
BID:69047
Info
| Bugtraq ID: | 69047 |
| Class: | Input Validation Error |
| CVE: | CVE-2014-4760 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 30 2014 12:00AM |
| Updated: | Jul 30 2014 12:00AM |
| Credit: | IBM |
| Vulnerable: | IBM Websphere Portal 6.1.5; IBM Websphere Portal 6.1 .3; IBM Websphere Portal 6.1 .2; IBM Websphere Portal 6.1 .1; IBM Websphere Portal 6.1; IBM Websphere Portal 8.0.0.1; IBM Websphere Portal 8.0.0.0; IBM Websphere Portal 7.0.0.2; IBM Websphere Portal 7.0.0.1; IBM Websphere Portal 7.0.0.0; IBM Websphere Portal 6.1.5.3; IBM Websphere Portal 6.1.5.2; IBM Websphere Portal 6.1.5.1; IBM Websphere Portal 6.1.0.6; IBM Websphere Portal 6.1.0.5; IBM Websphere Portal 6.1.0.4; IBM Websphere Portal 6.1.0.0 |
| Not Vulnerable: | |
Discussion
IBM WebSphere Portal is prone to an open-redirection vulnerability.
An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.
The following versions are affected:
WebSphere Portal 8.0.0.0 through 8.0.0.1
WebSphere Portal 7.0.0.0 through 7.0.0.2
WebSphere Portal 6.1.5.0 through 6.1.5.3
WebSphere Portal 6.1.0.0 through 6.1.0.6
Exploit / POC
An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References: