3 matches found
Automated Logic WebCTRL URL Redirection to Untrusted Site (CVE-2022-1019)
Automated Logic's WebCTRL Server versions prior to and including v7.0 'Help' index pages are vulnerable to open redirection. The vulnerability allows an attacker to send a maliciously crafted URL which could result in redirecting the user to a malicious webpage or downloading a malicious file. Th...
CVE-2022-1019
The CVE-2022-1019 issue affects Automated Logic WebCtrl Server (WebCtrl Server, version 6.1) where the Help index page is vulnerable to open redirection. The root cause is an input handling flaw that allows a crafted URL to redirect users to a malicious site or trigger a download of malicious con...
Automated Logic WebCTRL
1. EXECUTIVE SUMMARY CVSS v3 5.2 ATTENTION: Low attack complexity/exploitable remotely Vendor: Automated Logic is a part of Carrier Global Corporation Equipment: WebCtrl Server Vulnerability: Open Redirect 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...