Описание
Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.5.3 (исключая)
cpe:2.3:a:bonitasoft:bonita_bpm_portal:*:*:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03409
Низкий
6.1 Medium
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-601
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice.
EPSS
Процентиль: 87%
0.03409
Низкий
6.1 Medium
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-601