CVE-2016-2989

{"id": "CVE-2016-2989", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2016-08-08T01:59:12.773", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986393", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/92344", "source": "psirt@us.ibm.com"}, {"url": "http://www.securitytracker.com/id/1036498", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986393", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/92344", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1036498", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de redirecci\u00f3n abierta en el componente Connections Portlets 5.x en versiones anteriores a 5.0.2 para IBM WebSphere Portal permite a atacantes remotos redireccionar usuarios a sitios web arbitrarios y llevar a cabo ataques phishing a trav\u00e9s de vectores no especificados."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:connections_portlets:5.0:*:*:*:*:websphere_portal:*:*", "vulnerable": true, "matchCriteriaId": "8E69F794-1E1C-4A03-B376-02E0F1A794E5"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}