Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
CVE has been recently published to the CVE List and has been received by the NVD.
Products
WebITR
Source
twcert@cert.org.tw
Tags
CVE-2024-8586 details
Published : Sept. 9, 2024, 3:15 a.m.
Last Modified : Sept. 9, 2024, 1:03 p.m.
Last Modified : Sept. 9, 2024, 1:03 p.m.
Description
WebITR from Uniong has an Open Redirect vulnerability, which allows unauthorized remote attackers to exploit this vulnerability to forge URLs. Users, believing they are accessing a trusted domain, can be redirected to another page, potentially leading to phishing attacks.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6.1 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') | A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
6.1
Exploitability Score
2.8
Impact Score
2.7
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References
| URL | Source |
|---|---|
| https://www.twcert.org.tw/en/cp-139-8044-65b84-2.html | twcert@cert.org.tw |
| https://www.twcert.org.tw/tw/cp-132-8043-cc323-1.html | twcert@cert.org.tw |
This website uses the NVD API, but is not approved or certified by it.