CVE-2022-22797 Information
Description
Sysaid – sysaid Open Redirect - An attacker can change the redirect link in the redirectURL parameter of a GET request to the URL location: /CommunitySSORedirect.jsp?redirectURL=https://google.com. Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to point to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
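The check described above, turned into log triage as an added example (not code from SysAid or from the advisory): it flags requests to the endpoint whose redirectURL value would send the browser off-site. The trusted host name and the log lines are constructed assumptions, and the check goes beyond the absolute-URL form shown in the description to cover protocol-relative, backslash and userinfo forms.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/CommunitySSORedirect.jsp"    # path named in the advisory
PARAM = "redirectURL"                     # parameter named in the advisory
TRUSTED_HOSTS = {"helpdesk.example.com"}  # assumption: this site's own hosts

def is_external(target):
    """True if following `target` would take a browser off TRUSTED_HOSTS."""
    # Browsers read "\" as "/" and drop tab/CR/LF, so normalise before parsing.
    t = re.sub(r"[\t\r\n]", "", target.strip()).replace("\\", "/")
    try:
        parts = urlsplit(t)
        host = (parts.hostname or "").lower()  # drops userinfo and port
    except ValueError:
        return True                       # unparseable: treat as suspicious
    if not parts.scheme and not parts.netloc:
        return False                      # plain relative path stays on-site
    if parts.scheme and parts.scheme not in ("http", "https"):
        return True                       # javascript:, data:, ...
    return host not in TRUSTED_HOSTS      # also catches "//host" and "user@host"

def flag_requests(log_lines):
    """Return (client, target) for ENDPOINT requests that redirect off-site."""
    hits = []
    for line in log_lines:
        m = re.match(r'(\S+) .*?"GET (\S+) HTTP', line)
        if not m:
            continue
        url = urlsplit(m.group(2))
        if url.path != ENDPOINT:
            continue
        for target in parse_qs(url.query).get(PARAM, []):  # percent-decodes
            if is_external(target):
                hits.append((m.group(1), target))
    return hits

# Constructed access-log lines (documentation IP range, example hosts).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Mar/2022:10:00:01 +0000] "GET /CommunitySSORedirect.jsp?redirectURL=https://google.com HTTP/1.1" 302 0',
    '198.51.100.8 - - [01/Mar/2022:10:00:05 +0000] "GET /CommunitySSORedirect.jsp?redirectURL=%2FHome.jsp HTTP/1.1" 302 0',
    '198.51.100.9 - - [01/Mar/2022:10:00:09 +0000] "GET /CommunitySSORedirect.jsp?redirectURL=%2F%5Cother.example HTTP/1.1" 302 0',
    '198.51.100.10 - - [01/Mar/2022:10:00:12 +0000] "GET /CommunitySSORedirect.jsp?redirectURL=https://helpdesk.example.com/portal HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for client, target in flag_requests(SAMPLE_LOG):
        print(client, target)
```

The same `is_external` test can gate the redirect itself on the server side, falling back to a fixed landing page when it returns True.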
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://www.gov.il/en/departments/faq/cve_advisories
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
6.1
Base Severity
MEDIUM