VYPR
Get started
← All advisories
Medium severity6.1NVD Advisory· Published Jul 10, 2017· Updated May 13, 2026

CVE-2017-1398

CVE-2017-1398

Description

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385.

Affected products

55
  • IBM/Websphere Commerce54 versions
    cpe:2.3:a:ibm:websphere_commerce:6.0.0.0:*:*:*:*:*:*:*+ 53 more
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.0.18:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.0.19:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.1.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.1.12:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:8.0.1.9:*:*:*:*:*:*:*
  • IBM/WebSphere Commerce Enterprisev5
    Range: 6.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.