Description
IFTOP developed by WellChoose has an Open redirect vulnerability, allowing authenticated remote attackers to craft a URL that tricks users into visiting malicious website.
Published: 2026-03-11
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Open Redirect
Action: Apply Patch
AI Analysis

Impact

IFTOP, a product of WellChoose, contains an open redirect vulnerability that allows authenticated remote attackers to craft a URL which redirects users to arbitrary external sites. This flaw, classified as CWE-601, can be exploited to send users to malicious websites, potentially facilitating phishing or other malicious actions. The impact is the compromise of user trust and the redirection of users to unauthorised content.

Affected Systems

Affected products include WellChoose IFTOP and the associated organization portal system. No specific version information is provided; consequently all deployed instances of these products are potentially vulnerable until they are updated to IFTOP_P4_181 or later, as recommended by the vendor.

Risk and Exploitability

The CVSS score is 5.1, indicating medium severity. The EPSS score is less than 1%, suggesting a low likelihood of widespread exploitation. The vulnerability is not listed in the CISA KEV catalog. Attacker needs to be authenticated to the application, after which they can craft a redirect URL, representing a remote attack vector.

Generated by OpenCVE AI on March 17, 2026 at 21:44 UTC.

Remediation

Vendor Solution

Update to verison IFTOP_P4_181 or later.

OpenCVE Recommended Actions

  • Update IFTOP to version IFTOP_P4_181 or later.

Generated by OpenCVE AI on March 17, 2026 at 21:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Wellchoose organization Portal System
CPEs cpe:2.3:a:wellchoose:organization_portal_system:*:*:*:*:*:*:*:*
Vendors & Products Wellchoose organization Portal System

Wed, 11 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 07:00:00 +0000

Type Values Removed Values Added
Description IFTOP developed by WellChoose has an Open redirect vulnerability, allowing authenticated remote attackers to craft a URL that tricks users into visiting malicious website.
Title WellChoose|IFTOP - Open redirect
First Time appeared Wellchoose
Wellchoose iftop
Weaknesses CWE-601
CPEs cpe:2.3:a:wellchoose:iftop:*:*:*:*:*:*:*:*
Vendors & Products Wellchoose
Wellchoose iftop
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}

Subscriptions

Wellchoose Iftop Organization Portal System
cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-03-11T13:58:45.576Z

Reserved: 2026-03-09T03:01:57.825Z

Link: CVE-2026-3824

cve-icon Vulnrichment

Updated: 2026-03-11T13:58:39.150Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-11T07:16:59.717

Modified: 2026-03-17T18:48:24.363

Link: CVE-2026-3824

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T14:37:43Z

Weaknesses