Vulnerability Details : CVE-2015-2167
Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to jsp/start-3pi-manager.jsp.
Vulnerability category: Open redirect
Exploit prediction scoring system (EPSS) score for CVE-2015-2167
Probability of exploitation activity in the next 30 days: 0.21%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 58 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-2167
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
8.6
|
4.9
|
NIST |
References for CVE-2015-2167
-
http://packetstormsecurity.com/files/131230/Ericsson-Drutt-MSDP-3PI-Manager-Open-Redirect.html
Ericsson Drutt MSDP (3PI Manager) Open Redirect ≈ Packet StormExploit
-
http://www.securityfocus.com/bid/73934
Ericsson Drutt MSDP 'jsp/start-3pi-manager.jsp' Open Redirection Vulnerability
Products affected by CVE-2015-2167
- cpe:2.3:a:ericsson:drutt_mobile_service_delivery_platform:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:ericsson:drutt_mobile_service_delivery_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:ericsson:drutt_mobile_service_delivery_platform:5.0:*:*:*:*:*:*:*