IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:P/A:N
Vendors Products
Ibm
  • Security Privileged Identity Manager Virtual Appliance

Configuration 1 [-]

cpe:2.3:a:ibm:security_privileged_identity_manager_virtual_appliance:2.0:*:*:*:*:*:*:*
References
Link Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21989205 Patch Vendor Advisory
http://www.securityfocus.com/bid/92986
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2016-09-26T01:00:00

Updated: 2016-11-25T19:57:01

Reserved: 2016-03-09T00:00:00

Link: CVE-2016-3040

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2016-09-26T04:59:13.247

Modified: 2016-11-28T20:06:00.917

Link: CVE-2016-3040

JSON object: View

cve-icon Redhat Information

No data.

CWE