CVE-2010-0715

Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21421469	Patch Vendor Advisory
http://www.hacktics.com/content/advisories/AdvIBM20100224.html	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/56602
http://www.securityfocus.com/archive/1/509744/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:websphere_portal:6.0.0.0:::::::*
	cpe:2.3:a:ibm:websphere_portal:6.0.0.1:::::::*
	cpe:2.3:a:ibm:websphere_portal:6.0.1.1:::::::*
	cpe:2.3:a:ibm:websphere_portal:6.0.1.2:::::::*
	cpe:2.3:a:ibm:websphere_portal:6.1.0.1:::::::*
	cpe:2.3:a:ibm:websphere_portal:6.1.0.2:::::::*
	cpe:2.3:a:ibm:websphere_portal:6.1.0.3:::::::*
	cpe:2.3:a:ibm:websphere_portal:6.0.0.2:::::::*
	cpe:2.3:a:ibm:websphere_portal:5.1.0.4:::::::*
	cpe:2.3:a:ibm:websphere_portal:6.0.1.3:::::::*
	cpe:2.3:a:ibm:websphere_portal:6.0.1.4:::::::*
	cpe:2.3:a:ibm:websphere_portal:5.1.0.3:::::::*
	cpe:2.3:a:ibm:websphere_portal:6.0.0.4:::::::*
	cpe:2.3:a:ibm:websphere_portal:6.0.1.0:::::::*
	cpe:2.3:a:ibm:websphere_portal:6.1.5.0:::::::*
	cpe:2.3:a:ibm:websphere_portal:5.1.0.2:::::::*
	cpe:2.3:a:ibm:websphere_portal:5.1.0.0:::::::*
	cpe:2.3:a:ibm:websphere_portal:6.0.1.7:::::::*
	cpe:2.3:a:ibm:websphere_portal:5.1.0.1:::::::*
	cpe:2.3:a:ibm:websphere_portal:6.0.1.5:::::::*
	cpe:2.3:a:ibm:websphere_portal:6.1.0.0:::::::*
	cpe:2.3:a:ibm:websphere_portal:5.1.0.5:::::::*
	cpe:2.3:a:ibm:websphere_portal:6.0.1.6:::::::*
	cpe:2.3:a:ibm:websphere_portal:6.0.0.3:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.4:::::::*
	cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.1:::::::*
	cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.4:::::::*
	cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.5:::::::*
	cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.3:::::::*
	cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.5:::::::*
	cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.3:::::::*
	cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.4:::::::*
	cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.6:::::::*
	cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.7:::::::*
	cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.1:::::::*
	cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.2:::::::*
	cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.2:::::::*
	cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.3:::::::*
	cpe:2.3:a:ibm:lotus_web_content_management:6.1.5.0:::::::*
	cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.0:::::::*
	cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.3:::::::*
	cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.2:::::::*
	cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.0:::::::*
	cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.2:::::::*
	cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.1:::::::*
	cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.0:::::::*
	cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.1:::::::*
	cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.4:::::::*
	cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.1:::::::*
	cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.4:::::::*
	cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.5:::::::*
	cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.3:::::::*
	cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.5:::::::*
	cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.3:::::::*
	cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.4:::::::*
	cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.6:::::::*
	cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.7:::::::*
	cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.1:::::::*
	cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.5.0:::::::*
	cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.1:::::::*
	cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.3:::::::*
	cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.2:::::::*
	cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.2:::::::*
	cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.0:::::::*
	cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.0:::::::*
	cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.0:::::::*
	cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.1:::::::*
	cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.2:::::::*
	cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.3:::::::*
	cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.0:::::::*
	cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.2:::::::*

Configuration 4 (hide)

OR	cpe:2.3:a:ibm:lotus_quickr:8.1:::::::*
	cpe:2.3:a:ibm:lotus_quickr:8.0.0.2:::::::*
	cpe:2.3:a:ibm:lotus_quickr:8.1.1:::::::*
	cpe:2.3:a:ibm:lotus_quickr:8.1.1.1:::::::*
	cpe:2.3:a:ibm:lotus_quickr:8.0:::::::*

Information

Published : 2010-02-26 11:30

Updated : 2018-10-10 12:53

NVD link : CVE-2010-0715

Mitre link : CVE-2010-0715

JSON object : View

CWE

NVD-CWE-Other

Products Affected

ibm

lotus_quickr
websphere_portal
lotus_workplace_web_content_management
lotus_web_content_management

6.8 /10