CVE-2016-5878
medium
CVSS v3
6.8
CVSS v2
4.9
VIR risk
6.8
Description
Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Predictions
Exploit likelihood
77%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21987721
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | filenet_workplace | 4.0.2.0 | |
| ibm | filenet_workplace | 4.0.2.1 | |
| ibm | filenet_workplace | 4.0.2.2 | |
| ibm | filenet_workplace | 4.0.2.3 | |
| ibm | filenet_workplace | 4.0.2.4 | |
| ibm | filenet_workplace | 4.0.2.5 | |
| ibm | filenet_workplace | 4.0.2.6 | |
| ibm | filenet_workplace | 4.0.2.7 | |
| ibm | filenet_workplace | 4.0.2.8 | |
| ibm | filenet_workplace | 4.0.2.9 | |
| ibm | filenet_workplace | 4.0.2.10 | |
| ibm | filenet_workplace | 4.0.2.11 | |
| ibm | filenet_workplace | 4.0.2.12 | |
| ibm | filenet_workplace | 4.0.2.13 | |
References
CWEs
CWE-601
Verify integrity in audit chain (admin only). AS-IS.