CVE-2016-8953

MEDIUM

IBM Emptoris Sourcing <10.1.x - Open Redirect

Title source: llm

Description

IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118840.

References (3)

Scores

CVSS v3 5.4
EPSS 0.0012
EPSS Percentile 30.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-601
Status published
Products (18)
ibm/emptoris_sourcing
ibm/emptoris_sourcing
ibm/emptoris_sourcing
ibm/emptoris_sourcing
ibm/emptoris_sourcing
ibm/emptoris_sourcing
ibm/emptoris_sourcing
ibm/emptoris_sourcing
ibm/emptoris_sourcing
ibm/emptoris_sourcing
... and 8 more
Published Jul 12, 2017
Tracked Since Feb 18, 2026