CVE-2015-2014

Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via a crafted URL, aka SPR SJAR9DNGDA.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21963016	Patch Vendor Advisory
http://www.securitytracker.com/id/1033271

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:domino:8.5.0:::::::*
	cpe:2.3:a:ibm:domino:8.5.1:::::::*
	cpe:2.3:a:ibm:domino:8.5.2:::::::*
	cpe:2.3:a:ibm:domino:8.5.3:::::::*
	cpe:2.3:a:ibm:domino:9.0.1:::::::*

History

No history.

Information

Published : 2015-08-23 01:59

Updated : 2023-12-10 11:46

NVD link : CVE-2015-2014

Mitre link : CVE-2015-2014

CVE.ORG link : CVE-2015-2014

JSON object : View

Products Affected

ibm

domino

CWE

NVD-CWE-Other

{"id": "CVE-2015-2014", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-08-23T01:59:00.097", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963016", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securitytracker.com/id/1033271", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via a crafted URL, aka SPR SJAR9DNGDA."}, {"lang": "es", "value": "Vulnerabilidad de redireccionamiento abierto en el servidor web en IBM Domino en 8.5 en versiones anteriores a 8.5.3 FP6 IF9 y en 9.0 en versiones anteriores a 9.0.1 FP4, permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing o cross-site scripting (XSS) a trav\u00e9s de URL manipuladas, tambi\u00e9n conocida como SPR SJAR9DNGDA."}], "lastModified": "2019-10-16T12:40:30.513", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:domino:8.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8458C5E0-40D5-41B6-BBB3-4EE1600BE1F0"}, {"criteria": "cpe:2.3:a:ibm:domino:8.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1D658AF-65B4-4DD7-B445-E16615EA5D82"}, {"criteria": "cpe:2.3:a:ibm:domino:8.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F2A7894-14F0-4FD9-A221-4A88E5CB6A0E"}, {"criteria": "cpe:2.3:a:ibm:domino:8.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "091D9954-232A-4158-A516-35A735343121"}, {"criteria": "cpe:2.3:a:ibm:domino:9.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "373527AD-D128-41CC-BEBA-6581F22D8AEE"}], "operator": "OR"}]}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/601.html\">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>", "sourceIdentifier": "psirt@us.ibm.com"}