IBM WebSphere Commerce Enterprise, Professional, Express, and Developer could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
CVE(s): CVE-2018-1739
Affected product(s) and affected version(s):
WebSphere Commerce versions 9.0.0.0 – 9.0.0.4
WebSphere Commerce versions 8.0.0.0 – 8.0.0.19
WebSphere Commerce versions 8.0.1.0 – 8.0.1.13
WebSphere Commerce versions 8.0.3.0 – 8.0.3.6
WebSphere Commerce versions 8.0.4.0 – 8.0.4.15
WebSphere Commerce version 7.0.0.0 Feature Pack 8
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10725439
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148093
The post IBM Security Bulletin: IBM WebSphere Commerce Aurora Storefront Could Allow an Open Redirect Attack (CVE-2018-1739) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2w4EKzV
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.