PT-2016-6744 · Ibm · Ibm Tealeaf Customer Experience
Published
2016-09-26
·
Updated
2016-11-28
·
CVE-2016-5977
CVSS v3.1
6.8
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Tealeaf Customer Experience versions prior to 8.7.1.8847 FP10
IBM Tealeaf Customer Experience versions 8.8 prior to 8.8.0.9049 FP9
IBM Tealeaf Customer Experience version 9.0.0
IBM Tealeaf Customer Experience version 9.0.1 prior to 9.0.1.1117 FP5
IBM Tealeaf Customer Experience version 9.0.1A prior to 9.0.1.5108 9.0.1A FP5
IBM Tealeaf Customer Experience version 9.0.2 prior to 9.0.2.1223 FP3
IBM Tealeaf Customer Experience version 9.0.2A prior to 9.0.2.5224 9.0.2A FP3
Description
The issue allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks.
Recommendations
For versions prior to 8.7.1.8847 FP10, update to 8.7.1.8847 FP10 or later.
For versions 8.8 prior to 8.8.0.9049 FP9, update to 8.8.0.9049 FP9 or later.
For version 9.0.0, update to a newer version that contains a fix for this issue.
For version 9.0.1 prior to 9.0.1.1117 FP5, update to 9.0.1.1117 FP5 or later.
For version 9.0.1A prior to 9.0.1.5108 9.0.1A FP5, update to 9.0.1.5108 9.0.1A FP5 or later.
For version 9.0.2 prior to 9.0.2.1223 FP3, update to 9.0.2.1223 FP3 or later.
For version 9.0.2A prior to 9.0.2.5224 9.0.2A FP3, update to 9.0.2.5224 9.0.2A FP3 or later.
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Tealeaf Customer Experience