← Back

CVE-2024-35133

nvd nist
Published: Aug 29, 2024Modified: Sep 21, 2024

JSON object

Loading...
8.2
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Exploitability: 2.8 / Impact: 4.7
Source: NVD

Description

IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

Affected (2)

Ibm
2 products
Security Verify Access
Security Verify Access Docker
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Security Verify Access
From 10.0.0 to 10.0.8
Security Verify Access Docker
From 10.0.0 to 10.0.8

Related CWEs

CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (2)

Source: psirt@us.ibm.com
VDB Entry
Source: psirt@us.ibm.com
Vendor Advisory

Timeline

No history available yet.