N/A

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385.

N/A

N/A

多款IBM产品安全漏洞

IBM WebSphere Commerce Enterprise等都是美国IBM公司的产品。IBM WebSphere Commerce Enterprise是一套用于大容量的B2C和B2B业务模型以及多个电子商务站点的电子商务解决方案；Express是一套商业智能和规划解决方案。 多款IBM产品中存在开放重定向漏洞。远程攻击者可通过诱使用户访问特制的网站利用该漏洞将用户重定向恶意的网站，实施钓鱼攻击，获取敏感信息。以下产品和版本受到影响：IBM WebSphere Commerce Enterpris

N/A

N/A