Open Redirect

2023-09-1222:32:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cacti

open redirect

vulnerability

phishing

malware

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

25.9%

JSON

cacti is vulnerable to Open Redirect. An attacker could exploit this vulnerability by tricking a user into performing a password change via a malicious phishing link. Once the user clicks on the phishing link and changes their password, they will be redirected to a malicious website where the attacker could steal their credentials or install malware on their computer

CPENameOperatorVersion
cacti:sideq1.2.15+ds1-2
cacti:sideq1.2.16+ds1-2
cacti:edgeeq1.2.10-r1
cacti:edgeeq1.2.12-r0
cacti:edgeeq1.2.21-r0
cacti:edgeeq1.2.23-r0
cacti:edgeeq1.2.22-r1
cacti:edgeeq1.2.24-r0
cacti:edgeeq1.2.11-r0
cacti:edgeeq1.2.16-r0

Name	Operator	Version
cacti:sid	eq	1.2.15+ds1-2
cacti:sid	eq	1.2.16+ds1-2
cacti:edge	eq	1.2.10-r1
cacti:edge	eq	1.2.12-r0
cacti:edge	eq	1.2.21-r0
cacti:edge	eq	1.2.23-r0
cacti:edge	eq	1.2.22-r1
cacti:edge	eq	1.2.24-r0
cacti:edge	eq	1.2.11-r0
cacti:edge	eq	1.2.16-r0