How severe is CVE-2018-15403?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2018-15403?

This is classified as CWE-601, which is a common weakness in software security.

CVE-2018-15403

MEDIUM Year: 2018

CVSS v3 Score

5.4

Medium

CVSS v2 Score

4.9

Medium

Weakness Type

CWE-601

View all →

Vulnerability Description

A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.

CVE-2016-0228

MEDIUM

CVSS:5.4(Medium)

IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redi...

CWE-6012016

CVE-2016-0329

MEDIUM

CVSS:5.4(Medium)

Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before...

CWE-6012016

CVE-2016-4604

MEDIUM

CVSS:5.4(Medium)

Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number.

CWE-6012016

CVE-2016-8949

MEDIUM

CVSS:5.4(Medium)

IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-craft...

CWE-6012016

CVE-2016-8953

MEDIUM

CVSS:5.4(Medium)

IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a rem...

CWE-6012016

CVE-2017-1159

MEDIUM

CVSS:5.4(Medium)

IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remot...

CWE-6012017

CVE-2018-15403

Vulnerability Description

Related Vulnerabilities

CVE-2016-0228

CVE-2016-0329

CVE-2016-4604

CVE-2016-8949

CVE-2016-8953

CVE-2017-1159