CVE-2017-1195

MEDIUM

IBM Curam Social Program Management <7.0 - Open Redirect

Title source: llm

Description

IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670.

References (2)

Core 2

Core References

Patch, Vendor Advisory x_refsource_confirm

http://www.ibm.com/support/docview.wss?uid=swg22007160

VDB Entry, Vendor Advisory x_refsource_misc

https://exchange.xforce.ibmcloud.com/vulnerabilities/123670

Scores

CVSS v3 6.1

EPSS 0.0080

EPSS Percentile 51.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-601

Status published

Products (45)

IBM/Cram Social Program Management 6.0.4

IBM/Cram Social Program Management 6.0.5

IBM/Cram Social Program Management 6.1.0

IBM/Cram Social Program Management 6.1.1

IBM/Cram Social Program Management 6.2.0

IBM/Cram Social Program Management 7.0.0

ibm/curam_social_program_management 6.0.4.0

ibm/curam_social_program_management 6.0.4.1

ibm/curam_social_program_management 6.0.4.2

ibm/curam_social_program_management 6.0.4.3

... and 35 more

Published Aug 29, 2017

Tracked Since Feb 18, 2026