CVE-2012-2159

Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.ibm.com/support/docview.wss?uid=swg21596690	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21598423	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/74832

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:security_appscan_source:7.0:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.0:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.0.0.1:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.0.0.2:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.5:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.5.0.1:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:ibm:spss_data_collection:6.0:::::::*
	cpe:2.3:a:ibm:spss_data_collection:6.0.1:::::::*

History

No history.

Information

Published : 2012-06-20 10:27

Updated : 2024-02-04 18:16

NVD link : CVE-2012-2159

Mitre link : CVE-2012-2159

CVE.ORG link : CVE-2012-2159

JSON object : View

Products Affected

ibm

security_appscan_source
spss_data_collection

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2012-2159", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-06-20T10:27:28.193", "references": [{"url": "http://www.ibm.com/support/docview.wss?uid=swg21596690", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21598423", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74832", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de redirecci\u00f3n abierta en IBM Eclipse Help System (IEHS), tal como se utiliza en IBM Security AppScan Fuente v7.x y v8.x anterior a v8,6 y IBM SPSS Data Collection Developer Library v6.0 y v6.0.1 , permite a atacantes remotos redirigir a los usuarios a la web arbitraria sitios y llevar a cabo ataques de phishing a trav\u00e9s de vectores no especificados."}], "lastModified": "2017-08-29T01:31:31.913", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_appscan_source:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2A8F522-B785-4C9D-B133-D895B8A5D0E2"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3EC310D-7C7F-4B5A-AFFC-58A38B67A0CA"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66B37DEF-109F-4769-901C-DD8B33DEA054"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FA1883D-1576-43B9-904A-536C0C249112"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6990B7A5-3C72-494B-A512-23E508B71CE4"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBE84BDC-3AC4-4BD2-9BF8-3C6C5E1DCF56"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:spss_data_collection:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED735680-3700-4744-857C-EA2F005D89E6"}, {"criteria": "cpe:2.3:a:ibm:spss_data_collection:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "673496DB-11BB-4FEB-9772-175F5D45859F"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}