CVE-2022-22797
4.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Sysaid – sysaid Open Redirect - An Attacker can change the redirect link at the parameter "redirectURL" from"GET" request from the url location: /CommunitySSORedirect.jsp?redirectURL=https://google.com. Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SysAid | Sysaid | 22.1.49 cloud version <= 22.1.49 | affected |
| SysAid | Sysaid | 22.1.63 on premise version <= 22.1.63 | affected |
Weaknesses
- CWE-601: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.