Vulnerability Details : CVE-2016-0204
Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Vulnerability category: Open redirect
Products affected by CVE-2016-0204
- cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-0204
0.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 34 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-0204
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
8.6
|
4.9
|
NIST | |
|
6.8
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N |
2.3
|
4.0
|
NIST |
CWE ids for CVE-2016-0204
-
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-0204
-
http://www.securityfocus.com/bid/93512
IBM Cloud Orchestrator CVE-2016-0204 Unspecified Open Redirection VulnerabilityThird Party Advisory;VDB Entry
-
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000124
IBM Security Bulletin: IBM Cloud Orchestrator (CVE-2016-0204)Patch;Vendor Advisory
Jump to