CVE-2017-1489

MEDIUM

IBM Security Access Manager 6.1-9.0 - Open Redirect via ECSSO Master Authentication

Description

IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.

References (4)

Core References
VDB Entry, Vendor Advisory x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/128687
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100592
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039227
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg22006959

Scores

CVSS v3 6.1
EPSS 0.0118
EPSS Percentile 63.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-601
Status published
Products (49)
IBM/Security Access Manager for Web 6.1
IBM/Security Access Manager for Web 6.1.1
IBM/Security Access Manager for Web 7.0
IBM/Security Access Manager for Web 8.0
IBM/Security Access Manager for Web 8.0.0.1
IBM/Security Access Manager for Web 8.0.0.2
IBM/Security Access Manager for Web 8.0.0.3
IBM/Security Access Manager for Web 8.0.0.4
IBM/Security Access Manager for Web 8.0.0.5
IBM/Security Access Manager for Web 8.0.1
... and 39 more
Published Aug 29, 2017
Tracked Since Feb 18, 2026