CVE-2024-22248

VMware SD-WAN Orchestrator contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.vmware.com/security/advisories/VMSA-2024-0008.html
https://www.vmware.com/security/advisories/VMSA-2024-0008.html

Configurations

No configuration.

History

21 Nov 2024, 08:55

Type	Values Removed	Values Added
References	~~() https://www.vmware.com/security/advisories/VMSA-2024-0008.html -~~	() https://www.vmware.com/security/advisories/VMSA-2024-0008.html -

01 Nov 2024, 16:35

Type	Values Removed	Values Added
CWE		CWE-601

02 Apr 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-02 16:15

Updated : 2024-11-21 08:55

NVD link : CVE-2024-22248

Mitre link : CVE-2024-22248

CVE.ORG link : CVE-2024-22248

JSON object : View

Products Affected

No product.

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

7.1 /10