Published: 26/02/2010 Updated: 10/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 up to and including 5.1.0.5, 6.0.0.0 up to and including 6.0.0.4, 6.0.1.0 up to and including 6.0.1.7, 6.1.0.0 up to and including 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via the query string.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm websphere portal 6.0.0.0
ibm websphere portal 6.0.0.1
ibm websphere portal 6.0.1.1
ibm websphere portal 6.0.1.2
ibm websphere portal 6.1.0.1
ibm websphere portal 6.1.0.2
ibm websphere portal 6.1.0.3
ibm websphere portal 6.0.0.2
ibm websphere portal 5.1.0.4
ibm websphere portal 6.0.1.3
ibm websphere portal 6.0.1.4
ibm websphere portal 6.1.5.0
ibm websphere portal 5.1.0.3
ibm websphere portal 5.1.0.2
ibm websphere portal 5.1.0.1
ibm websphere portal 6.0.0.3
ibm websphere portal 6.0.1.5
ibm websphere portal 6.0.1.6
ibm websphere portal 5.1.0.0
ibm websphere portal 5.1.0.5
ibm websphere portal 6.0.0.4
ibm websphere portal 6.0.1.0
ibm websphere portal 6.0.1.7
ibm websphere portal 6.1.0.0
ibm lotus web content management 5.1.0.4
ibm lotus web content management 5.1.0.1
ibm lotus web content management 6.0.1.4
ibm lotus web content management 6.0.1.5
ibm lotus web content management 5.1.0.3
ibm lotus web content management 5.1.0.5
ibm lotus web content management 6.0.0.3
ibm lotus web content management 6.0.0.4
ibm lotus web content management 6.0.1.6
ibm lotus web content management 6.0.1.7
ibm lotus web content management 6.0.0.1
ibm lotus web content management 5.1.0.2
ibm lotus web content management 5.1.0.0
ibm lotus web content management 6.0.1.0
ibm lotus web content management 6.0.1.1
ibm lotus web content management 6.1.0.0
ibm lotus web content management 6.1.0.1
ibm lotus web content management 6.0.0.0
ibm lotus web content management 6.0.0.2
ibm lotus web content management 6.0.1.2
ibm lotus web content management 6.0.1.3
ibm lotus web content management 6.1.0.2
ibm lotus web content management 6.1.0.3
ibm lotus web content management 6.1.5.0
ibm lotus workplace web content management 5.1.0.4
ibm lotus workplace web content management 5.1.0.1
ibm lotus workplace web content management 6.0.1.4
ibm lotus workplace web content management 6.0.1.5
ibm lotus workplace web content management 5.1.0.3
ibm lotus workplace web content management 5.1.0.5
ibm lotus workplace web content management 6.0.0.3
ibm lotus workplace web content management 6.0.0.4
ibm lotus workplace web content management 6.0.1.6
ibm lotus workplace web content management 6.0.1.7
ibm lotus workplace web content management 6.0.0.1
ibm lotus workplace web content management 5.1.0.2
ibm lotus workplace web content management 5.1.0.0
ibm lotus workplace web content management 6.0.1.0
ibm lotus workplace web content management 6.0.1.1
ibm lotus workplace web content management 6.1.0.0
ibm lotus workplace web content management 6.1.0.1
ibm lotus workplace web content management 6.0.0.0
ibm lotus workplace web content management 6.0.0.2
ibm lotus workplace web content management 6.0.1.2
ibm lotus workplace web content management 6.0.1.3
ibm lotus workplace web content management 6.1.0.2
ibm lotus workplace web content management 6.1.0.3
ibm lotus workplace web content management 6.1.5.0
ibm lotus quickr 8.1
ibm lotus quickr 8.0.0.2
ibm lotus quickr 8.1.1
ibm lotus quickr 8.1.1.1
ibm lotus quickr 8.0

NVD-CWE-Other http://www-01.ibm.com/support/docview.wss?uid=swg21421469 http://www.hacktics.com/content/advisories/AdvIBM20100224.html https://exchange.xforce.ibmcloud.com/vulnerabilities/56602 http://www.securityfocus.com/archive/1/509744/100/0/threaded https://nvd.nist.gov

Get Started

CVE-2010-0715

Vulnerability Summary

References

Vulmon Search

About

Products

Connect