CVE-2014-8894

Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
ibmtririga_application_platform
3.2.1
ibmtririga_application_platform
3.3.2.0
ibmtririga_application_platform
3.3.2.1
ibmtririga_application_platform
3.3.2.2
ibmtririga_application_platform
3.4.0.0
ibmtririga_application_platform
3.4.0.1
ibmtririga_application_platform
3.4.1.0
𝑥
= Vulnerable software versions
References
http://secunia.com/advisories/62674
http://www-01.ibm.com/support/docview.wss?uid=swg21694772
http://www.securityfocus.com/bid/72408
https://exchange.xforce.ibmcloud.com/vulnerabilities/99013
http://secunia.com/advisories/62674
http://www-01.ibm.com/support/docview.wss?uid=swg21694772
http://www.securityfocus.com/bid/72408
https://exchange.xforce.ibmcloud.com/vulnerabilities/99013