Vulnerability Details CVE-2010-0715
Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.5%
CVSS Severity
CVSS v2 Score 6.8
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21421469
- http://www.hacktics.com/content/advisories/AdvIBM20100224.html
- http://www.securityfocus.com/archive/1/509744/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56602
- http://www-01.ibm.com/support/docview.wss?uid=swg21421469
- http://www.hacktics.com/content/advisories/AdvIBM20100224.html
- http://www.securityfocus.com/archive/1/509744/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56602
Products affected by CVE-2010-0715
-
cpe:2.3:a:ibm:lotus_quickr:8.0
-
cpe:2.3:a:ibm:lotus_quickr:8.0.0.2
-
cpe:2.3:a:ibm:lotus_quickr:8.1
-
cpe:2.3:a:ibm:lotus_quickr:8.1.1
-
cpe:2.3:a:ibm:lotus_quickr:8.1.1.1
-
cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.0
-
cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.1
-
cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.2
-
cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.3
-
cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.4
-
cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.5
-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.0
-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.1
-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.2
-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.3
-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.4
-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.0
-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.1
-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.2
-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.3
-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.4
-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.5
-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.6
-
cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.7
-
cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.0
-
cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.1
-
cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.2
-
cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.3
-
cpe:2.3:a:ibm:lotus_web_content_management:6.1.5.0
-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.0
-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.1
-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.2
-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.3
-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.4
-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.5
-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.0
-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.1
-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.2
-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.3
-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.4
-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.0
-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.1
-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.2
-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.3
-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.4
-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.5
-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.6
-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.7
-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.0
-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.1
-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.2
-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.3
-
cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.5.0
-
cpe:2.3:a:ibm:websphere_portal:5.1.0.0
-
cpe:2.3:a:ibm:websphere_portal:5.1.0.1
-
cpe:2.3:a:ibm:websphere_portal:5.1.0.2
-
cpe:2.3:a:ibm:websphere_portal:5.1.0.3
-
cpe:2.3:a:ibm:websphere_portal:5.1.0.4
-
cpe:2.3:a:ibm:websphere_portal:5.1.0.5
-
cpe:2.3:a:ibm:websphere_portal:6.0.0.0
-
cpe:2.3:a:ibm:websphere_portal:6.0.0.1
-
cpe:2.3:a:ibm:websphere_portal:6.0.0.2
-
cpe:2.3:a:ibm:websphere_portal:6.0.0.3
-
cpe:2.3:a:ibm:websphere_portal:6.0.0.4
-
cpe:2.3:a:ibm:websphere_portal:6.0.1.0
-
cpe:2.3:a:ibm:websphere_portal:6.0.1.1
-
cpe:2.3:a:ibm:websphere_portal:6.0.1.2
-
cpe:2.3:a:ibm:websphere_portal:6.0.1.3
-
cpe:2.3:a:ibm:websphere_portal:6.0.1.4
-
cpe:2.3:a:ibm:websphere_portal:6.0.1.5
-
cpe:2.3:a:ibm:websphere_portal:6.0.1.6
-
cpe:2.3:a:ibm:websphere_portal:6.0.1.7
-
cpe:2.3:a:ibm:websphere_portal:6.1.0.0
-
cpe:2.3:a:ibm:websphere_portal:6.1.0.1
-
cpe:2.3:a:ibm:websphere_portal:6.1.0.2
-
cpe:2.3:a:ibm:websphere_portal:6.1.0.3
-
cpe:2.3:a:ibm:websphere_portal:6.1.5.0