CVE-2020-29537

MEDIUM Year: 2020
CVSS v3 Score
5.4
Medium
CVSS v2 Score
4.9
Medium
Weakness Type
CWE-601
View all →

Vulnerability Description

Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred.

Related Vulnerabilities

CVE-2016-0228

MEDIUM
CVSS:5.4(Medium)

IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redi...

CWE-6012016

CVE-2016-0329

MEDIUM
CVSS:5.4(Medium)

Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before...

CWE-6012016

CVE-2016-4604

MEDIUM
CVSS:5.4(Medium)

Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number.

CWE-6012016

CVE-2016-8949

MEDIUM
CVSS:5.4(Medium)

IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-craft...

CWE-6012016

CVE-2016-8953

MEDIUM
CVSS:5.4(Medium)

IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a rem...

CWE-6012016

CVE-2017-1159

MEDIUM
CVSS:5.4(Medium)

IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remot...

CWE-6012017