|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-10-29 | |
| Rule Name: | IBM Security Verify Access Open Redirect Vulnerability (CVE-2024-35133) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | |
| Impact: | The server does not check and control the incoming redirect URL variables, and attackers can maliciously construct any malicious address to induce users to jump to malicious websites. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://exchange.xforce.ibmcloud.com/vulnerabilities/291026 https://www.ibm.com/support/pages/node/7166712 |
|
| Solutions |
|---|
| Please refer to announcements or patches release by the vendor: https://www.ibm.com/support/pages/node/7166712 |