IBM Security Verify Access Flaw Let Attacker Launch Phishing Attacks

by Esmeralda McKenzie

An open-redirect vulnerability was discovered by IBM, which could allow threat actors to spoof the original URL of IBM Security Verify Access to lure victims to a malicious website and steal sensitive information.

IBM Security Verify Access provides a comprehensive solution for managing network security policies and authorization. It ensures complete security of resources across intranets and extranets, even when they're geographically dispersed.

With IBM Security Verify Access, you get access to a variety of functions, including authentication, authorization, data security, and centralized resource management.

This vulnerability is present as a result of the default configuration of the AAC (Advanced Access Control) module. IBM mentioned that the patch to fix this vulnerability already exists, which can be used by customers to prevent it from being exploited.

CVE-2023-30433: IBM Security Verify Access HTTP open redirect

This vulnerability exists in the IBM Security Verify Access 10.0 versions, which an attacker can use to conduct phishing attacks with a specially crafted URL.

Successful exploitation of this vulnerability can let an attacker obtain highly sensitive information from the victims. The CVSS score for this vulnerability is given as 5.4 (Medium).

Affected Products

Affected Product(s)                      Version(s)
IBM Security Verify Access Appliance     10.0.X
IBM Security Verify Access Docker        10.0.X

Remediation

To fix this vulnerability, the sps.targetURLWhitelist property in the IBM Security Verify Access products must be modified with a list of comma-separated whitelisted URLs. This prevents the redirection from taking place.

Users of these products are advised to check the latest fixes for patching this vulnerability.
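
An added example, not IBM's code or part of the original article: a minimal check of redirect targets against a comma-separated allowlist like the one the remediation describes. The sample hosts, the function names, and the exact-origin matching rule are assumptions of this example and do not describe how the product interprets sps.targetURLWhitelist.

```python
from urllib.parse import urlsplit

# Constructed sample value, in the comma-separated form the article describes.
# Exact-origin matching is an assumption of this example, not the product's semantics.
SAMPLE_ALLOWLIST = "https://portal.example.com, https://sso.example.com:8443"
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) for an absolute http(s) URL, else None."""
    # Browsers treat backslashes as '/' and drop control characters, so a
    # server-side parser can disagree with the browser about the host.
    if any(c == "\\" or ord(c) < 0x21 or ord(c) == 0x7F for c in url):
        return None
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # relative, scheme-relative ("//host") and non-http targets
    # Reject userinfo: "https://portal.example.com@other.test/" points at other.test.
    if parts.username is not None or parts.password is not None:
        return None
    if port is None:
        port = DEFAULT_PORTS[scheme]
    return (scheme, parts.hostname.lower().rstrip("."), port)


def parse_allowlist(value):
    """Turn the comma-separated property value into a set of allowed origins."""
    origins = set()
    for entry in value.split(","):
        parsed = origin(entry.strip())
        if parsed is None:
            raise ValueError(f"unusable allowlist entry: {entry!r}")
        origins.add(parsed)
    return origins


def is_allowed_target(target, allowed):
    """True only if the redirect target's origin exactly matches an allowed one."""
    parsed = origin(target)
    return parsed is not None and parsed in allowed
```

Comparing parsed origins rather than string prefixes is what keeps look-alike hosts and userinfo tricks from passing the check.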

Source credit : cybersecuritynews.com
