CVE-2019-14912

Sažetak

An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie.

Reference

http://www.adas-sso.com/es/extra/download.php
https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

23-09-2019 - 13:28

Objavljeno

20-09-2019 - 14:15