Total
1153 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45169 | 1 Liveboxcloud | 1 Vdesk | 2024-11-21 | N/A | 5.4 MEDIUM |
| An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link. | |||||
| CVE-2022-44488 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 3.5 LOW |
| Adobe Experience Manager version 6.5.14 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2022-44215 | 1 Southrivertech | 1 Titan Ftp Server | 2024-11-21 | N/A | 6.1 MEDIUM |
| There is an open redirect vulnerability in Titan FTP server 19.0 and below. Users are redirected to any target URL. | |||||
| CVE-2022-43950 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2024-11-21 | N/A | 4.3 MEDIUM |
| A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL. | |||||
| CVE-2022-41965 | 1 Apereo | 1 Opencast | 2024-11-21 | N/A | 5.7 MEDIUM |
| Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5, Opencast's Paella authentication page could be used to redirect to an arbitrary URL for authenticated users. The vulnerability allows attackers to redirect users to sites outside of one's Opencast install, potentially facilitating phishing attacks or other security issues. This issue is fixed in Opencast 12.5 and newer. | |||||
| CVE-2022-41275 | 1 Sap | 1 Solution Manager | 2024-11-21 | N/A | 6.1 MEDIUM |
| In SAP Solution Manager (Enterprise Search) - versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that could read or modify sensitive information, or expose the user to a phishing attack, with little impact on confidentiality and integrity. | |||||
| CVE-2022-41273 | 1 Sap | 2 Contract Lifecycle Manager, Sourcing | 2024-11-21 | N/A | 4.3 MEDIUM |
| Due to improper input sanitization in SAP Sourcing and SAP Contract Lifecycle Management - version 1100, an attacker can redirect a user to a malicious website. In order to perform this attack, the attacker sends an email to the victim with a manipulated link that appears to be a legitimate SAP Sourcing URL, since the victim doesn’t suspect the threat, they click on the link, log in to SAP Sourcing and CLM and at this point, they get redirected to a malicious website. | |||||
| CVE-2022-41215 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | N/A | 4.7 MEDIUM |
| SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information. | |||||
| CVE-2022-41207 | 1 Sap | 1 Biller Direct | 2024-11-21 | N/A | 6.1 MEDIUM |
| SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. When clicked by an unsuspecting victim, it will use an unsensitized parameter to redirect the victim to a malicious site of the attacker's choosing which can result in disclosure or modification of the victim's information. | |||||
| CVE-2022-3797 | 1 Eolink | 1 Apinto-dashboard | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability was found in eolinker apinto-dashboard. It has been rated as problematic. This issue affects some unknown processing of the file /login. The manipulation of the argument callback leads to open redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212633 was assigned to this vulnerability. | |||||
| CVE-2022-3438 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | N/A | 6.1 MEDIUM |
| Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. | |||||
| CVE-2022-3381 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites | |||||
| CVE-2022-39814 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | N/A | 6.1 MEDIUM |
| In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter. | |||||
| CVE-2022-39359 | 1 Metabase | 1 Metabase | 2024-11-21 | N/A | 6.5 MEDIUM |
| Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, custom GeoJSON map URL address would follow redirects to addresses that were otherwise disallowed, like link-local or private-network. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer follow redirects on GeoJSON map URLs. An environment variable `MB_CUSTOM_GEOJSON_ENABLED` was also added to disable custom GeoJSON completely (`true` by default). | |||||
| CVE-2022-39258 | 1 Mailcow | 1 Mailcow\ | 2024-11-21 | N/A | 8.1 HIGH |
| mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker controller place to steal Swagger authorization credentials or create a phishing page to steal other information. The issue has been fixed with the 2022-09 mailcow Mootember Update. As a workaround, one may delete the Swapper API Documentation from their e-mail server. | |||||
| CVE-2022-39183 | 1 Moodle | 1 Saml Authentication | 2024-11-21 | N/A | 6.5 MEDIUM |
| Moodle Plugin - SAML Auth may allow Open Redirect through unspecified vectors. | |||||
| CVE-2022-39021 | 1 Edetw | 1 U-office Force | 2024-11-21 | N/A | 6.1 MEDIUM |
| U-Office Force login function has an Open Redirect vulnerability. An unauthenticated remote attacker can exploit this vulnerability to redirect user to arbitrary website. | |||||
| CVE-2022-38779 | 1 Elastic | 1 Kibana | 2024-11-21 | N/A | 6.1 MEDIUM |
| An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | |||||
| CVE-2022-38208 | 1 Esri | 1 Portal For Arcgis | 2024-11-21 | N/A | 6.1 MEDIUM |
| There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. | |||||
| CVE-2022-38201 | 1 Esri | 1 Arcgis Quickcapture | 2024-11-21 | N/A | 6.1 MEDIUM |
| An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1. A remote, unauthenticated attacker can potentially induce an unsuspecting authenticated user to access an an attacker controlled domain. | |||||