CVE-2024-1440

{"id": "CVE-2024-1440", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2025-06-02T17:15:21.153", "references": [{"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3171/", "source": "ed10eef1-636d-4fbe-9993-6890dfa878f8"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A malicious actor can craft a valid link that redirects users to an attacker-controlled site.\n\nBy exploiting this vulnerability, an attacker may trick users into visiting a malicious page, enabling phishing attacks to harvest sensitive information or perform other harmful actions."}], "lastModified": "2025-06-02T17:32:17.397", "sourceIdentifier": "ed10eef1-636d-4fbe-9993-6890dfa878f8"}