Total: 999 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-5623 | 1 Nitori | 1 Nitori | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
NITORI App for Android versions 6.0.4 and earlier and NITORI App for iOS versions 6.0.2 and earlier allow remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | |||||
CVE-2020-3311 | 1 Cisco | 1 Firepower Management Center | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a specific malicious web page. | |||||
CVE-2020-14446 | 1 Wso2 | 2 Identity Server, Identity Server As Key Manager | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. An open redirect exists. | |||||
CVE-2019-14882 | 1 Moodle | 1 Moodle | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an open redirect existed in the Lesson edit page. | |||||
CVE-2020-3954 | 1 Vmware | 1 Vrealize Log Insight | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. | |||||
CVE-2019-12783 | 1 Verint | 1 Impact 360 | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site. | |||||
CVE-2020-6215 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability. | |||||
CVE-2020-4037 | 1 Oauth2 Proxy Project | 1 Oauth2 Proxy | 2024-02-28 | 5.8 MEDIUM | 5.4 MEDIUM |
In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked within the proxy and validated before redirecting the user to prevent malicious actors providing redirects to potentially harmful sites. This has been fixed in version 6.0.0. | |||||
CVE-2020-7520 | 1 Schneider-electric | 1 Software Update Utility | 2024-02-28 | 4.0 MEDIUM | 4.7 MEDIUM |
A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on the engineering workstation to modify a Windows registry key which would divert all traffic updates to go through a server in the attacker's possession. A man-in-the-middle attack is then used to complete the exploit. | |||||
CVE-2020-3178 | 1 Cisco | 1 Content Security Management Appliance | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerabilities are due to improper input validation of the parameters of an HTTP request. An attacker could exploit these vulnerabilities by intercepting an HTTP request and modifying it to redirect a user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page or to obtain sensitive browser-based information. This type of attack is commonly referred to as an open redirect attack and is used in phishing attacks to get users to unknowingly visit malicious sites. | |||||
CVE-2020-1927 | 8 Apache, Broadcom, Canonical and 5 more | 14 Http Server, Brocade Fabric Operating System, Ubuntu Linux and 11 more | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. | |||||
CVE-2020-8559 | 1 Kubernetes | 1 Kubernetes | 2024-02-28 | 6.0 MEDIUM | 6.8 MEDIUM |
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 is vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise. | |||||
CVE-2020-4653 | 1 Ibm | 1 Planning Analytics | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | |||||
CVE-2020-12699 | 1 Dkd | 1 Direct Mail | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl. | |||||
CVE-2019-19613 | 1 Halvotec | 1 Raquest | 2024-02-28 | 4.3 MEDIUM | 5.2 MEDIUM |
An issue was discovered in Halvotec RaQuest 10.23.10801.0. The login page of the admin application is vulnerable to an Open Redirect attack allowing an attacker to redirect a user to a malicious site after authentication. The attacker needs to be on the same network to modify the victim's request on the wire. Fixed in Release 24.2020.20608.0. | |||||
CVE-2020-24598 | 1 Joomla | 1 Joomla! | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of com_content leads to an open redirect. | |||||
CVE-2020-5337 | 1 Rsa | 1 Archer | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites. | |||||
CVE-2020-12666 | 2 Fedoraproject, Go-macaron | 2 Fedora, Macaron | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL. | |||||
CVE-2019-4209 | 1 Hcltech | 1 Connections | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
HCL Connections v5.5, v6.0, and v6.5 contain an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks. | |||||
CVE-2020-5627 | 1 Yodobashi | 1 Yodobashi | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Yodobashi App for Android versions 1.8.7 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. |