Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2024-47530
HistorySep 30, 2024 - 4:15 p.m.

CVE-2024-47530

2024-09-3016:15:09
CWE-601
[email protected]
web.nvd.nist.gov
2
scout web visualizer
open redirect
https downgrade
cve-2024-47530
fix 4.89

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

26.7%

JSON

Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lack of scheme validation, HTTPS Downgrade Attack can be performed on the users. This vulnerability is fixed in 4.89.

Related

cve 1
osv 1
vulnrichment 1
cvelist 1
cve
cve
CVE-2024-47530
2024-09-30 16:15:09
osv
osv
CVE-2024-47530
2024-09-30 16:15:09
vulnrichment
vulnrichment
CVE-2024-47530 Scout contains an Open Redirect on Login via `next`
2024-09-30 15:17:39
cvelist
cvelist
CVE-2024-47530 Scout contains an Open Redirect on Login via `next`
2024-09-30 15:17:39

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

26.7%

JSON
Related for NVD:CVE-2024-47530
cve1osv1vulnrichment1cvelist1