IBM WebSphere Commerce Aurora Starter Store Open Redirect Vulnerability


Description   A vulnerability has been identified in the Aurora starter store of IBM WebSphere Commerce. A remote attacker could exploit it to redirect their victim to an arbitrary web site. This vulnerability is due to open redirections in multiple scripts.
     
Vulnerable Products   Vulnerable Software:
- WebSphere Commerce Express (IBM) - 7.0.0.5, 7.0.0.6, 7.0.0.7, 7.0.0.8
- WebSphere Commerce Suite (IBM) - 7.0.0.5, 7.0.0.6, 7.0.0.7, 7.0.0.8
- WebSphere Commerce Suite Pro (IBM) - 7.0.0.5, 7.0.0.6, 7.0.0.7, 7.0.0.8
     
Solution   IBM has released APAR JR54295 that fixes this vulnerability.
     
CVE   CVE-2015-7397
     
References   - IBM : Open Redirect issue in Aurora starter store in IBM WebSphere Commerce (CVE-2015-7397)
http://www-01.ibm.com/support/docview.wss?uid=swg21969562
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm   Site with open redirect
Available Since   4.0.0
     

Risk level   Low

Vulnerability First Public Report Date   2016-01-05

Target Type   Server

Possible exploit   Remote