CVE-2015-2167

Name of the Vulnerable Software and Affected Versions Ericsson Drutt Mobile Service Delivery Platform (MSDP) versions 4 through 6

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. This is achieved via a URL in the url parameter to "jsp/start-3pi-manager.jsp".

Recommendations For Ericsson Drutt Mobile Service Delivery Platform (MSDP) versions 4 through 6, consider restricting access to the "jsp/start-3pi-manager.jsp" endpoint to minimize the risk of exploitation. Avoid using the url parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.