CVE-2016-8961
 
Descriptions
IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-10-25 CVE Reserved
- 2017-02-01 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/95128 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=swg21995037 | 2017-02-13 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Ibm | License Metric Tool | 9.2.0 | - | Affected | in | Hp | Hp-ux | * | - | Safe |
Ibm | License Metric Tool | 9.2.0 | - | Affected | in | Ibm | Aix | * | - | Safe |
Ibm | License Metric Tool | 9.2.0 | - | Affected | in | Linux | Linux Kernel | * | - | Safe |
Ibm | License Metric Tool | 9.2.0 | - | Affected | in | Microsoft | Windows | * | - | Safe |
Ibm | License Metric Tool | 9.2.0 | - | Affected | in | Oracle | Solaris | * | - | Safe |
Ibm | Bigfix Inventory | <= 9.2 | - | Affected | | | | | | |