exploitDog

CVE-2022-1254

Published: 20 Apr 2022
Source: nvd
CVSS3: 6.1
CVSS2: 5.8
EPSS: Low

Description

A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates an HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*
Version from 7.0.0 (inclusive) to 7.8.2.31 (exclusive)
cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*
Version from 8.0.0 (inclusive) to 8.2.27 (exclusive)
cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*
Version from 9.0.0 (inclusive) to 9.2.20 (exclusive)
cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*
Version from 10.0.0 (inclusive) to 10.2.9 (exclusive)
cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*
Version from 11.0.0 (inclusive) to 11.1.3 (exclusive)

EPSS

Percentile: 41%
0.0019
Low

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Weaknesses

CWE-601

Related vulnerabilities

CVSS3: 6.1
github
almost 4 years ago

A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates an HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy.
