Lucene search

INCDCVELIST:CVE-2022-22797

HistoryMay 09, 2022 - 12:00 a.m.

CVE-2022-22797 Sysaid – sysaid Open Redirect

2022-05-0900:00:00

CWE-601

INCD

www.cve.org

sysaid

open redirect

unvalidated redirects

CVSS3

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.3%

JSON

Sysaid – sysaid Open Redirect - An Attacker can change the redirect link at the parameter “redirectURL” from"GET" request from the url location: /CommunitySSORedirect.jsp?redirectURL=https://google.com. Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

CNA Affected

[
  {
    "platforms": [
      "cloud"
    ],
    "product": "Sysaid ",
    "vendor": "SysAid ",
    "versions": [
      {
        "lessThanOrEqual": "22.1.49",
        "status": "affected",
        "version": "22.1.49 cloud version",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "on premise"
    ],
    "product": "Sysaid ",
    "vendor": "SysAid ",
    "versions": [
      {
        "lessThanOrEqual": "22.1.63",
        "status": "affected",
        "version": "22.1.63 on premise version",
        "versionType": "custom"
      }
    ]
  }
]

References

www.gov.il/en/departments/faq/cve_advisories