CVE-2014-8894

EUVD-2014-8721
Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
ibmtririga_application_platform
3.2.1
ibmtririga_application_platform
3.3.2.0
ibmtririga_application_platform
3.3.2.1
ibmtririga_application_platform
3.3.2.2
ibmtririga_application_platform
3.4.0.0
ibmtririga_application_platform
3.4.0.1
ibmtririga_application_platform
3.4.1.0
𝑥
= Vulnerable software versions
References
http://secunia.com/advisories/62674
http://www-01.ibm.com/support/docview.wss?uid=swg21694772
http://www.securityfocus.com/bid/72408
https://exchange.xforce.ibmcloud.com/vulnerabilities/99013
http://secunia.com/advisories/62674
http://www-01.ibm.com/support/docview.wss?uid=swg21694772
http://www.securityfocus.com/bid/72408
https://exchange.xforce.ibmcloud.com/vulnerabilities/99013