CVE-2011-1355

IBM WebSphere Application Server 6.1-7.0 - Open Redirect via Logout Exit Page Parameter

Title source: llm
STIX 2.1

Description

Open redirect vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage parameter.

References (3)

Core 3
Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www.ibm.com/support/docview.wss?uid=swg1PM35701
Various Sources vendor-advisory x_refsource_aixapar
http://www.ibm.com/support/docview.wss?uid=swg1PM42436
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/68570

Scores

EPSS 0.0187
EPSS Percentile 76.8%

Details

CWE
CWE-20
Status published
Products (44)
ibm/websphere_application_server 6.1
ibm/websphere_application_server 6.1.0
ibm/websphere_application_server 6.1.0.0
ibm/websphere_application_server 6.1.0.1
ibm/websphere_application_server 6.1.0.2
ibm/websphere_application_server 6.1.0.3
ibm/websphere_application_server 6.1.0.5
ibm/websphere_application_server 6.1.0.7
ibm/websphere_application_server 6.1.0.9
ibm/websphere_application_server 6.1.0.11
... and 34 more
Published Jul 19, 2011
Tracked Since Feb 18, 2026