Total: 922 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-4653 | 1 Ibm | 1 Planning Analytics | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | |||||
CVE-2019-4209 | 1 Hcltech | 1 Connections | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks. | |||||
CVE-2020-11882 | 1 Telefonica | 1 O2 Business | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to other applications. The purpose of this activity is to handle deeplinks that can be delivered either via links or by directly calling the activity. However, the deeplink format is not properly validated. This can be abused by an attacker to redirect a user to any page and deliver any content to the user. | |||||
CVE-2020-5541 | 1 Cybersolutions | 1 Cybermail | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks via a specially crafted URL. | |||||
CVE-2020-11664 | 1 Broadcom | 1 Ca Api Developer Portal | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. | |||||
CVE-2020-5270 | 1 Prestashop | 1 Prestashop | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using the back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in some cases can even cause XSS attacks. So even though an open redirection might sound harmless at first, its impacts can be severe should it be exploitable. The problem is fixed in 1.7.6.5. | |||||
CVE-2020-3954 | 1 Vmware | 1 Vrealize Log Insight | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper input validation. | |||||
CVE-2020-4598 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 184823. | |||||
CVE-2020-13121 | 1 Rcos | 1 Submitty | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt. | |||||
CVE-2020-6211 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability. | |||||
CVE-2020-15129 | 1 Traefik | 1 Traefik | 2023-12-10 | 4.0 MEDIUM | 4.7 MEDIUM |
In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard component doesn't validate that the value of the header "X-Forwarded-Prefix" is a site-relative path and will redirect to any header-provided URI. Successful exploitation of an open redirect can be used to entice victims to disclose sensitive information. Active exploitation of this issue is unlikely, as it would require active header injection; however, the Traefik team addressed this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios. | |||||
CVE-2019-19613 | 1 Halvotec | 1 Raquest | 2023-12-10 | 4.3 MEDIUM | 5.2 MEDIUM |
An issue was discovered in Halvotec RaQuest 10.23.10801.0. The login page of the admin application is vulnerable to an Open Redirect attack, allowing an attacker to redirect a user to a malicious site after authentication. The attacker needs to be on the same network to modify the victim's request on the wire. Fixed in Release 24.2020.20608.0. | |||||
CVE-2020-5732 | 1 Openmrs | 1 Openmrs | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
In OpenMRS 2.9 and prior, the import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows unauthenticated users to use a feature typically restricted to administrators. | |||||
CVE-2020-11034 | 1 Glpi-project | 1 Glpi | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection, which is based on a regexp. This is fixed in version 9.4.6. | |||||
CVE-2020-11529 | 1 Getgrav | 1 Grav | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x. | |||||
CVE-2020-6215 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability. | |||||
CVE-2020-5623 | 1 Nitori | 1 Nitori | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
NITORI App for Android versions 6.0.4 and earlier and NITORI App for iOS versions 6.0.2 and earlier allow remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | |||||
CVE-2020-13486 | 1 Verbb | 1 Knock Knock | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection. | |||||
CVE-2020-5607 | 1 Ss-proj | 1 Shirasagi | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2019-20901 | 1 Atlassian | 2 Jira, Jira Server | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter. |