IBM Tealeaf Customer Experience 9.0.2 Remote Code Execution Vulnerability
13 Jan. 2017
Summary
Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Vulnerable Systems:
* IBM Tealeaf Customer Experience 8.7
* IBM Tealeaf Customer Experience 8.8
* IBM Tealeaf Customer Experience 9.0.0
* IBM Tealeaf Customer Experience 9.0.1
* IBM Tealeaf Customer Experience 9.0.1A
* IBM Tealeaf Customer Experience 9.0.2
* IBM Tealeaf Customer Experience 9.0.2A
IBM Tealeaf Customer Experience could allow a remote attacker to conduct phishing attacks using an open redirect. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the displayed URL and redirect the user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.