Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8894

Overview

Vulnerability Score 4.9 4.9
CVE Id CVE-2014-8894
Last Modified 17 Sep 2015 02:11:28
Published 28 Jan 2015 08:59:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2014-8894

Summary

Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter.

Vulnerable Systems

Application

  • Ibm Tririga Application Platform 3.2.1

  • Ibm Tririga Application Platform 3.3.2.0

  • Ibm Tririga Application Platform 3.3.2.1

  • Ibm Tririga Application Platform 3.3.2.2

  • Ibm Tririga Application Platform 3.4.0.0

  • Ibm Tririga Application Platform 3.4.0.1

  • Ibm Tririga Application Platform 3.4.1.0


References

XF - ibm-tririga-cve20148894-redirect(99013)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21694772

BID - 72408

SECUNIA - 62674


Last Updated: 27 May 2016 11:07:42