7.4
CVE-2025-2824
- EPSS 0.04%
- Veröffentlicht 01.08.2025 17:46:30
- Zuletzt bearbeitet 14.08.2025 18:49:21
- Quelle psirt@us.ibm.com
- Teams Watchlist Login
- Unerledigt Login
IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Operational Decision Manager Version8.11.0.1
Ibm ≫ Operational Decision Manager Version8.11.1.0
Ibm ≫ Operational Decision Manager Version8.12.0.1
Ibm ≫ Operational Decision Manager Version9.0.0.1
Ibm ≫ Operational Decision Manager Version9.5.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Typ | Quelle | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.04% | 0.124 |
Quelle | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 7.4 | 2.8 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
|
psirt@us.ibm.com | 7.4 | 2.8 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.