Lucene search
HistoryOct 31, 2022 - 7:15 a.m.
CVE-2022-39021
u-office
force login
open redirect
vulnerability
remote attacker
arbitrary website
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
44.6%
U-Office Force login function has an Open Redirect vulnerability. An unauthenticated remote attacker can exploit this vulnerability to redirect user to arbitrary website.
Affected configurations
Node
edetwu-office_forceRange≤20.50.7821d
| Vendor | Product | Version | CPE |
|---|---|---|---|
| edetw | u-office_force | * | cpe:2.3:a:edetw:u-office_force:*:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2022-39021
2022-10-31 07:15:09
cvelist
cvelist
CVE-2022-39021 e-Excellence Inc. U-Office Force - Open Redirect
2022-10-31 06:40:33
prion
prion
Open redirect
2022-10-31 07:15:00
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
44.6%
Related for NVD:CVE-2022-39021