PT-2010-2466 · IBM · WebSphere Portal +3
Published: 2010-02-26 · Updated: 2018-10-10 · CVE-2010-0715
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
IBM WebSphere Portal versions 5.1.0.0 through 5.1.0.5
IBM WebSphere Portal versions 6.0.0.0 through 6.0.0.4
IBM WebSphere Portal versions 6.0.1.0 through 6.0.1.7
IBM WebSphere Portal versions 6.1.0.0 through 6.1.0.3
IBM WebSphere Portal version 6.1.5.0
IBM Lotus Web Content Management (WCM) versions 5.1.0.0 through 5.1.0.5
IBM Lotus Web Content Management (WCM) versions 6.0.0.0 through 6.0.0.4
IBM Lotus Web Content Management (WCM) versions 6.0.1.0 through 6.0.1.7
IBM Lotus Web Content Management (WCM) versions 6.1.0.0 through 6.1.0.3
IBM Lotus Web Content Management (WCM) version 6.1.5.0
IBM Lotus Workplace Web Content Management versions 5.1.0.0 through 5.1.0.5
IBM Lotus Workplace Web Content Management versions 6.0.0.0 through 6.0.0.4
IBM Lotus Workplace Web Content Management versions 6.0.1.0 through 6.0.1.7
IBM Lotus Workplace Web Content Management versions 6.1.0.0 through 6.1.0.3
IBM Lotus Workplace Web Content Management version 6.1.5.0
IBM Lotus Quickr services version 8.0
IBM Lotus Quickr services version 8.0.0.2
IBM Lotus Quickr services version 8.1
IBM Lotus Quickr services version 8.1.1
IBM Lotus Quickr services version 8.1.1.1
Description
The issue is an open redirect vulnerability in the login.jsp file of the affected software, which allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string.
Recommendations
For IBM WebSphere Portal versions 5.1.0.0 through 5.1.0.5, update to a version outside of this range.
For IBM WebSphere Portal versions 6.0.0.0 through 6.0.0.4, update to a version outside of this range.
For IBM WebSphere Portal versions 6.0.1.0 through 6.0.1.7, update to a version outside of this range.
For IBM WebSphere Portal versions 6.1.0.0 through 6.1.0.3, update to a version outside of this range.
For IBM WebSphere Portal version 6.1.5.0, update to a version outside of this range.
For IBM Lotus Web Content Management (WCM) versions 5.1.0.0 through 5.1.0.5, update to a version outside of this range.
For IBM Lotus Web Content Management (WCM) versions 6.0.0.0 through 6.0.0.4, update to a version outside of this range.
For IBM Lotus Web Content Management (WCM) versions 6.0.1.0 through 6.0.1.7, update to a version outside of this range.
For IBM Lotus Web Content Management (WCM) versions 6.1.0.0 through 6.1.0.3, update to a version outside of this range.
For IBM Lotus Web Content Management (WCM) version 6.1.5.0, update to a version outside of this range.
For IBM Lotus Workplace Web Content Management versions 5.1.0.0 through 5.1.0.5, update to a version outside of this range.
For IBM Lotus Workplace Web Content Management versions 6.0.0.0 through 6.0.0.4, update to a version outside of this range.
For IBM Lotus Workplace Web Content Management versions 6.0.1.0 through 6.0.1.7, update to a version outside of this range.
For IBM Lotus Workplace Web Content Management versions 6.1.0.0 through 6.1.0.3, update to a version outside of this range.
For IBM Lotus Workplace Web Content Management version 6.1.5.0, update to a version outside of this range.
For IBM Lotus Quickr services version 8.0, update to a version outside of this range.
For IBM Lotus Quickr services version 8.0.0.2, update to a version outside of this range.
For IBM Lotus Quickr services version 8.1, update to a version outside of this range.
For IBM Lotus Quickr services version 8.1.1, update to a version outside of this range.
For IBM Lotus Quickr services version 8.1.1.1, update to a version outside of this range.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Lotus Quickr Services
Lotus Web Content Management
Lotus Workplace Web Content Management
WebSphere Portal