Total: 1048 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-40852 | 1 Tcman | 1 Gim | 2024-09-16 | 6.1 Medium |
TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages controlled by the attacker. The exploitation of this vulnerability might allow a remote attacker to obtain information. | ||||
CVE-2021-22526 | 1 Microfocus | 1 Access Manager | 2024-09-16 | 4.9 Medium |
Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 | ||||
CVE-2022-27509 | 1 Citrix | 3 Application Delivery Controller, Application Delivery Controller Firmware, Gateway | 2024-09-16 | 6.1 Medium |
Unauthenticated redirection to a malicious website | ||||
CVE-2019-4538 | 1 Ibm | 1 Security Directory Server | 2024-09-16 | 8.2 High |
IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 165660. | ||||
CVE-2017-0364 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-09-16 | N/A |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link. | ||||
CVE-2017-18178 | 1 Progress | 1 Sitefinity | 2024-09-16 | N/A |
Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. This is fixed in 10.1. | ||||
CVE-2023-41648 | 1 Swapnilpatil | 1 Login And Logout Redirect | 2024-09-16 | 4.7 Medium |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Swapnil V. Patil Login and Logout Redirect. This issue affects Login and Logout Redirect: from n/a through 2.0.3. | ||||
CVE-2023-50704 | 1 Efacec | 2 Uc 500e, Uc 500e Firmware | 2024-09-16 | 4.3 Medium |
An attacker could construct a URL within the application that causes a redirection to an arbitrary external domain and could be leveraged to facilitate phishing attacks against application users. | ||||
CVE-2017-3085 | 6 Adobe, Apple, Google and 3 more | 12 Flash Player, Flash Player Desktop Runtime, Mac Os X and 9 more | 2024-09-16 | 7.4 High |
Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect. | ||||
CVE-2018-1939 | 1 Ibm | 1 Cloud Private | 2024-09-16 | N/A |
IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 153319. | ||||
CVE-2018-17948 | 1 Microfocus | 1 Access Manager | 2024-09-16 | N/A |
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3. | ||||
CVE-2020-25845 | 1 Panorama Project | 1 Nhiservisignadapter | 2024-09-16 | 7.5 High |
Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential. | ||||
CVE-2018-1251 | 1 Dell | 3 Emc Unity, Emc Unity Firmware, Emc Unityvsa | 2024-09-16 | N/A |
Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contain a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unity users to arbitrary web URLs by tricking the victim user into clicking on a maliciously crafted Unisphere URL. The attacker could potentially phish information, including Unisphere users' credentials, from the victim once they are redirected. | ||||
CVE-2020-4409 | 1 Ibm | 20 Control Desk, Maximo Asset Configuration Manager, Maximo Asset Health Insights and 17 more | 2024-09-16 | 8.2 High |
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537. | ||||
CVE-2020-8559 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-09-16 | 6.4 Medium |
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise. | ||||
CVE-2021-35966 | 1 Learningdigital | 1 Orca Hcm | 2024-09-16 | 6.1 Medium |
A specific function of the Orca HCM digital learning platform does not filter input parameters properly, which allows the URL to be redirected to any website. Remote attackers can use the vulnerability to execute phishing attacks. | ||||
CVE-2019-4201 | 1 Ibm | 1 Jazz For Service Management | 2024-09-16 | 6.1 Medium |
IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 159122. | ||||
CVE-2018-13402 | 1 Atlassian | 2 Jira, Jira Server | 2024-09-16 | N/A |
Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, and in some cases to obtain a user's Cross-site request forgery (CSRF) token, via an open redirect vulnerability. | ||||
CVE-2017-1668 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-09-16 | N/A |
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 133562. | ||||
CVE-2016-8947 | 1 Ibm | 1 Emptoris Sourcing | 2024-09-16 | N/A |
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118834. | ||||