CVE-2020-4409

HIGH

IBM Maximo Asset Management 7.6.0-7.6.1 - Open Redirect via Tabnabbing

Title source: llm

Description

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537.

References (2)

Core 2

Core References

Patch, Vendor Advisory x_refsource_confirm

https://www.ibm.com/support/pages/node/6333091

VDB Entry, Vendor Advisory vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/179537

Scores

CVSS v3 8.2

EPSS 0.0089

EPSS Percentile 54.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Details

CWE

CWE-601

Status published

Products (42)

ibm/control_desk 7.6.1

ibm/control_desk 7.6.1.1

ibm/maximo_asset_configuration_manager 7.6.6

ibm/maximo_asset_configuration_manager 7.6.7

ibm/maximo_asset_configuration_manager 7.6.7.1

ibm/maximo_asset_health_insights 7.6.1

ibm/maximo_asset_health_insights 7.6.1.1

ibm/maximo_asset_management < 7.6.1.2

ibm/maximo_asset_management_scheduler 7.6.7

ibm/maximo_asset_management_scheduler 7.6.7.1

... and 32 more

Published Sep 16, 2020

Tracked Since Feb 18, 2026