CVE-2015-7428
First published: Mon Feb 29 2016(Updated: )
Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere Portal | =8.0.0.0 | |
| IBM WebSphere Portal | =8.0.0.1 | |
| IBM WebSphere Portal | =8.5.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-7428?
CVE-2015-7428 has a medium severity level, indicating a moderate risk for potential exploitation.
How do I fix CVE-2015-7428?
To fix CVE-2015-7428, upgrade to IBM WebSphere Portal version 8.0.0.1 CF20 or 8.5.0.0 CF09 or later.
What are the impacts of CVE-2015-7428?
CVE-2015-7428 allows remote attackers to redirect users to malicious websites, facilitating phishing attacks.
Which versions of IBM WebSphere Portal are affected by CVE-2015-7428?
The affected versions include IBM WebSphere Portal 8.0.0.0, 8.0.0.1, and 8.5.0.0 before their respective fix packs.
Can CVE-2015-7428 be exploited without user interaction?
Yes, CVE-2015-7428 can be exploited through crafted URLs, potentially without user interaction.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm websphere portal
- version/ibm websphere portal/8.0.0.0
- version/ibm websphere portal/8.0.0.1
- version/ibm websphere portal/8.5.0.0