6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
39.3%
An “Open-Redirect” flaw was found in the Apache Shiro project. This issue may allow remote attackers to redirect legitimate users to arbitrary web sites containing malware that can compromise the user’s machine and conduct phishing attacks to steal the user’s credentials.
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
bugzilla.redhat.com/show_bug.cgi?id=2254478
issues.apache.org/jira/browse/OFBIZ-12866
lists.apache.org/thread/ff0rq7rykh6zxb7l4dronowpoxrcqkr8
nvd.nist.gov/vuln/detail/CVE-2023-46750
seclists.org/oss-sec/2023/q4/275
www.cve.org/CVERecord?id=CVE-2023-46750
www.mail-archive.com/[email protected]/msg52244.html
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
39.3%