CVE-2019-4153
First published: Tue Jun 25 2019(Updated: )
IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Security Access Manager | >=9.0.1<=9.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2019-4153.
What is the severity rating of CVE-2019-4153?
The severity rating of CVE-2019-4153 is medium (6.8).
What is the affected software for CVE-2019-4153?
The affected software for CVE-2019-4153 is IBM Security Access Manager versions 9.0.1 through 9.0.6.
How can a remote attacker exploit CVE-2019-4153?
A remote attacker can exploit CVE-2019-4153 by conducting phishing attacks using an open redirect attack.
Are there any references available for CVE-2019-4153?
Yes, you can refer to the following links for more information about CVE-2019-4153: [1] [2]
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm security access manager
- version/ibm security access manager/9.0.1
- version/ibm security access manager/9.0.6