Описание
e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to access an arbitrary website. As a result, the user may become a victim of a phishing attack.
Ссылки
- Third Party Advisory
- Release Notes
- Third Party Advisory
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.1.0 (исключая)Версия до 2.1.1.0 (исключая)
Одно из
cpe:2.3:a:e-gov:e-gov:*:*:*:*:*:macos:*:*
cpe:2.3:a:e-gov:e-gov:*:*:*:*:*:windows:*:*
EPSS
Процентиль: 17%
0.00056
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 4.3
github
больше 2 лет назад
e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to access an arbitrary website. As a result, the user may become a victim of a phishing attack.
EPSS
Процентиль: 17%
0.00056
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-862