CVE-2022-25799
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.9 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
30.2%
An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.50.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated userβs browser could be redirected to a malicious site that is designed to impersonate a legitimate website. The attacker could trick the user and potentially acquire sensitive information such as the userβs credentials.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| cert:vince | cert vince | lt | 1.50.0 |
CNA Affected
[
{
"vendor": "CERT/CC",
"product": "VINCE - The Vulnerability Information and Coordination Environment ",
"versions": [
{
"version": "1.50.0",
"status": "affected",
"lessThan": "1.50.0",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.9 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
30.2%