CVE-2020-4409

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
ibmCNA
6.8 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/PR:L/C:N/UI:R/I:H/A:N/AC:L/S:C/AV:N/E:U/RL:O/RC:C
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
ibmcontrol_desk
7.6.1
ibmcontrol_desk
7.6.1.1
ibmmaximo_asset_configuration_manager
7.6.6
ibmmaximo_asset_configuration_manager
7.6.7
ibmmaximo_asset_configuration_manager
7.6.7.1
ibmmaximo_asset_health_insights
7.6.1
ibmmaximo_asset_health_insights
7.6.1.1
ibmmaximo_asset_management
𝑥
< 7.6.1.2
ibmmaximo_asset_management_scheduler
7.6.7
ibmmaximo_asset_management_scheduler
7.6.7.1
ibmmaximo_asset_management_scheduler
7.6.7.3
ibmmaximo_asset_management_scheduler_plus
7.6.7
ibmmaximo_asset_management_scheduler_plus
7.6.7.1
ibmmaximo_asset_management_scheduler_plus
7.6.7.3
ibmmaximo_calibration
7.6
ibmmaximo_enterprise_adapter
7.6
ibmmaximo_enterprise_adapter
7.6.1
ibmmaximo_equipment_maintenance_assistant
-
ibmmaximo_for_aviation
7.6.6
ibmmaximo_for_aviation
7.6.7
ibmmaximo_for_aviation
7.6.8
ibmmaximo_for_life_sciences
7.6
ibmmaximo_for_nuclear_power
7.6.1
ibmmaximo_for_oil_and_gas
7.6.1
ibmmaximo_for_service_providers
7.6.3.1
ibmmaximo_for_service_providers
7.6.3.2
ibmmaximo_for_service_providers
7.6.3.3
ibmmaximo_for_transportation
7.6.2.3
ibmmaximo_for_transportation
7.6.2.4
ibmmaximo_for_transportation
7.6.2.5
ibmmaximo_for_utilities
7.6.0.1
ibmmaximo_for_utilities
7.6.0.2
ibmmaximo_linear_asset_manager
7.6.0
ibmmaximo_linear_asset_manager
7.6.0.2
ibmmaximo_linear_asset_manager
7.6.0.3
ibmmaximo_network_on_blockchain
7.6.0.0
ibmmaximo_network_on_blockchain
7.6.0.1
ibmmaximo_spatial_asset_management
7.6.0.2
ibmmaximo_spatial_asset_management
7.6.0.3
ibmmaximo_spatial_asset_management
7.6.0.4
ibmmaximo_spatial_asset_management
7.6.0.5
ibmtivoli_integration_composer
7.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/179537
https://www.ibm.com/support/pages/node/6333091
https://exchange.xforce.ibmcloud.com/vulnerabilities/179537
https://www.ibm.com/support/pages/node/6333091