CVE-2019-19613

Опубликовано: 16 мар. 2020

Источник: nvd

CVSS3: 5.2

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in Halvotec RaQuest 10.23.10801.0. The login page of the admin application is vulnerable to an Open Redirect attack allowing an attacker to redirect a user to a malicious site after authentication. The attacker needs to be on the same network to modify the victim's request on the wire. Fixed in Release 24.2020.20608.0

Ссылки

https://excellium-services.com/cert-xlm-advisory/
Third Party Advisory
https://excellium-services.com/cert-xlm-advisory/cve-2019-19613/
Third Party Advisory
https://halvotec.de/produkte/raquest/
Product
Vendor Advisory
https://excellium-services.com/cert-xlm-advisory/
Third Party Advisory
https://excellium-services.com/cert-xlm-advisory/cve-2019-19613/
Third Party Advisory
https://halvotec.de/produkte/raquest/
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:halvotec:raquest:10.23.10801.0:*:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.002

Низкий

5.2 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-gwq3-c78x-92gx

github

больше 3 лет назад

** DISPUTED ** An issue was discovered in Halvotec RaQuest 10.23.10801.0. The login page of the admin application is vulnerable to an Open Redirect attack allowing an attacker to redirect a user to a malicious site after authentication. The attacker needs to be on the same network to modify the victim's request on the wire. NOTE: the vendor does not recognize this issue and will not patch it.