Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 190044.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IBM Security Secret Server 输入验证错误漏洞
Vulnerability Description
IBM Security Secret Server是美国IBM公司的一套特权访问管理解决方案。该产品支持密码管理、特权账号识别和特权会话访问监控记录等功能。 IBM Security Secret Server 10.6 版本存在安全漏洞,该漏洞允许远程攻击者可利用该漏洞使用开放重定向攻击进行钓鱼攻击。通过说服受害者访问一个特别设计的网站,远程攻击者可利用该漏洞可以利用此漏洞欺骗显示的URL,将用户重定向到看似可信的恶意网站。这可能使攻击者可利用该漏洞获得高度敏感的信息或对受害者进行进一步的攻击。
CVSS Information
N/A
Vulnerability Type
N/A