CVE-2010-3473

EPSS 0.32%
Published 20.09.2010 22:00:04
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Affected products Warnungen 0 Metrics 2 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Filenet P8 Application Engine Version3.5.1

Ibm ≫ Filenet P8 Application Engine Version3.5.1 Update001

Ibm ≫ Filenet P8 Application Engine Version3.5.1 Update002

Ibm ≫ Filenet P8 Application Engine Version3.5.1 Update003

Ibm ≫ Filenet P8 Application Engine Version3.5.1 Update004

Ibm ≫ Filenet P8 Application Engine Version3.5.1 Update005

Ibm ≫ Filenet P8 Application Engine Version3.5.1 Update006

Ibm ≫ Filenet P8 Application Engine Version3.5.1 Update007

Ibm ≫ Filenet P8 Application Engine Version3.5.1 Update008

Ibm ≫ Filenet P8 Application Engine Version3.5.1 Update009

Ibm ≫ Filenet P8 Application Engine Version3.5.1 Update010

Ibm ≫ Filenet P8 Application Engine Version3.5.1 Update011

Ibm ≫ Filenet P8 Application Engine Version3.5.1 Update012

Ibm ≫ Filenet P8 Application Engine Version3.5.1 Update013

Ibm ≫ Filenet P8 Application Engine Version3.5.1 Update014

Ibm ≫ Filenet P8 Application Engine Version3.5.1 Update015

Ibm ≫ Filenet P8 Application Engine Version3.5.1 Update016

Ibm ≫ Filenet P8 Application Engine Version3.5.1 Update017

Ibm ≫ Filenet P8 Application Engine Version3.5.1 Update018

Ibm ≫ Filenet P8 Application Engine Version3.5.1 Update019

Ibm ≫ Filenet P8 Application Engine Version3.5.1 Update020

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.32%	0.52

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://download2.boulder.ibm.com/sar/CMA/IMA/00yrk/0/readme-ae351-021.htm

http://secunia.com/advisories/41458

Vendor Advisory

http://www.securityfocus.com/bid/43272

http://www.vupen.com/english/advisories/2010/2419

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg1PJ37180

https://nvd.nist.gov/vuln/detail/CVE-2010-3473

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-3473

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-3473

EUVD