CVE-2014-8894 - Vulnerability Details - OpenCVE

Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Tririga Application Platform

Configuration 1 [-]

OR	cpe:2.3:a:ibm:tririga_application_platform:3.2.1:::::::*
	cpe:2.3:a:ibm:tririga_application_platform:3.3.2.0:::::::*
	cpe:2.3:a:ibm:tririga_application_platform:3.3.2.1:::::::*
	cpe:2.3:a:ibm:tririga_application_platform:3.3.2.2:::::::*
	cpe:2.3:a:ibm:tririga_application_platform:3.4.0.0:::::::*
	cpe:2.3:a:ibm:tririga_application_platform:3.4.0.1:::::::*
	cpe:2.3:a:ibm:tririga_application_platform:3.4.1.0:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/62674
http://www-01.ibm.com/support/docview.wss?uid=swg21694772
http://www.securityfocus.com/bid/72408
https://exchange.xforce.ibmcloud.com/vulnerabilities/99013

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2015-01-29T01:00:00

Updated: 2024-08-06T13:33:12.509Z

Reserved: 2014-11-14T00:00:00

Link: CVE-2014-8894

Vulnrichment

No data.

NVD

Status : Modified

Published: 2015-01-29T01:59:01.450

Modified: 2024-11-21T02:19:54.633

Link: CVE-2014-8894

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-01-20T00:00:00", "descriptions": [{"lang": "en", "value": "Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "ibm-tririga-cve20148894-redirect(99013)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99013"}, {"name": "72408", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72408"}, {"name": "62674", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62674"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694772"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-8894", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ibm-tririga-cve20148894-redirect(99013)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99013"}, {"name": "72408", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72408"}, {"name": "62674", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62674"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694772", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694772"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:33:12.509Z"}, "title": "CVE Program Container", "references": [{"name": "ibm-tririga-cve20148894-redirect(99013)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99013"}, {"name": "72408", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72408"}, {"name": "62674", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62674"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694772"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-8894", "datePublished": "2015-01-29T01:00:00", "dateReserved": "2014-11-14T00:00:00", "dateUpdated": "2024-08-06T13:33:12.509Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "46D0A920-F5D2-4FB7-8EF1-E892B27F3158", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "110B75DA-3B5D-4B2A-A243-C02F04A69DD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "3CFF6D9D-633A-414B-9A81-9627F1006F99", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "97EB5F4E-24BB-4F17-80B1-963DBC66E44D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC985F26-E915-49CA-951A-7E3FE59E5377", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4271E1DA-B047-4C91-93D6-EF5A9EE9AC51", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tririga_application_platform:3.4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "27D8FE59-90C3-4EE3-BA70-01C71DCC27B0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter."}, {"lang": "es", "value": "Vulnerabilidad de redirecci\u00f3n abierta en IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 anterior a 3.3.2.3, y 3.4.1 anterior a 3.4.1.1 permite a usuarios remotos autenticados redirigir usuarios redirigir usuarios a sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s del par\u00e1metro out."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/601.html\">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>", "id": "CVE-2014-8894", "lastModified": "2024-11-21T02:19:54.633", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-01-29T01:59:01.450", "references": [{"source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/62674"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694772"}, {"source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/72408"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99013"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62674"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694772"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/72408"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99013"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}