Vulnerability Description
Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referrer parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Websphere Commerce | 7.0 |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR54295
- http://www-01.ibm.com/support/docview.wss?uid=swg21969562Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg24041142Vendor Advisory
- http://www.securitytracker.com/id/1034640
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR54295
- http://www-01.ibm.com/support/docview.wss?uid=swg21969562Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg24041142Vendor Advisory
- http://www.securitytracker.com/id/1034640
FAQ
What is CVE-2015-7397?
CVE-2015-7397 is a vulnerability with a CVSS score of 7.4 (HIGH). Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8 allow remote attackers to redirect users to arbitrary web sites and conduct phis...
How severe is CVE-2015-7397?
CVE-2015-7397 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-7397?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Websphere Commerce.