Medium severity6.1NVD Advisory· Published Feb 28, 2018· Updated Jun 17, 2026

CVE-2015-3898

Description

Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Bonita BPM/Bonita BPM Portalllm-create
Range: <6.5.3

Patches

Vulnerability mechanics

References

packetstormsecurity.com/files/132237/Bonita-BPM-6.5.1-Directory-Traversal-Open-Redirect.htmlnvdExploitThird Party AdvisoryVDB Entry
www.securityfocus.com/archive/1/535733/100/0/threadednvdExploitThird Party AdvisoryVDB Entry
www.htbridge.com/advisory/HTB23259nvdExploitThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.005
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000