CVE-2016-2989
First published: Mon Aug 08 2016(Updated: )
Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Connections Portlets | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-2989?
CVE-2016-2989 is considered a high severity vulnerability due to its potential to allow phishing attacks.
How do I fix CVE-2016-2989?
To fix CVE-2016-2989, upgrade to Connections Portlets version 5.0.2 or later.
What types of attacks can be carried out due to CVE-2016-2989?
CVE-2016-2989 allows attackers to perform open redirect attacks that can lead to phishing.
Which software is affected by CVE-2016-2989?
CVE-2016-2989 affects IBM Connections Portlets version 5.0 and earlier.
Is there a workaround for CVE-2016-2989?
There are no known workarounds for CVE-2016-2989 other than applying the available update.
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/weakness
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm connections portlets
- version/ibm connections portlets/5.0