Total
1159 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6803 | 1 Mozilla | 1 Webthings Gateway | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in. | |||||
| CVE-2020-6365 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal credentials of the victim or to redirect users to untrusted web pages containing malware or similar malicious exploits. | |||||
| CVE-2020-6266 | 1 Sap | 1 Fiori | 2024-11-21 | 4.9 MEDIUM | 5.4 MEDIUM |
| SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an attacker to redirect users to a malicious site due to insufficient URL validation, leading to URL Redirection. | |||||
| CVE-2020-6223 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. This can misdirect a user who is tricked into accessing these error pages rendered by the application, leading to Content Spoofing. | |||||
| CVE-2020-6215 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability. | |||||
| CVE-2020-6211 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability. | |||||
| CVE-2020-5733 | 1 Openmrs | 1 Openmrs | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows the export of potentially sensitive information. | |||||
| CVE-2020-5732 | 1 Openmrs | 1 Openmrs | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| In OpenMRS 2.9 and prior, he import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows unauthenticated users to use a feature typically restricted to administrators. | |||||
| CVE-2020-5627 | 1 Yodobashi | 1 Yodobashi | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Yodobashi App for Android versions 1.8.7 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | |||||
| CVE-2020-5623 | 1 Nitori | 1 Nitori | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| NITORI App for Android versions 6.0.4 and earlier and NITORI App for iOS versions 6.0.2 and earlier allow remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | |||||
| CVE-2020-5607 | 1 Ss-proj | 1 Shirasagi | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2020-5541 | 1 Cybersolutions | 1 Cybermail | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks via a specially crafted URL. | |||||
| CVE-2020-5409 | 1 Pivotal Software | 1 Concourse | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse. (This issue is similar to, but distinct from, CVE-2018-15798.) | |||||
| CVE-2020-5337 | 1 Rsa | 1 Archer | 2024-11-21 | 5.8 MEDIUM | 4.6 MEDIUM |
| RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites. | |||||
| CVE-2020-5329 | 1 Dell | 1 Emc Avamar Server | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. | |||||
| CVE-2020-5270 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 5.8 MEDIUM | 4.1 MEDIUM |
| In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. The problem is fixed in 1.7.6.5 | |||||
| CVE-2020-5233 | 1 Oauth2 Proxy Project | 1 Oauth2 Proxy | 2024-11-21 | 5.8 MEDIUM | 5.9 MEDIUM |
| OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0. | |||||
| CVE-2020-4849 | 1 Ibm | 1 Tivoli Netcool\/impact | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix 7 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID: 190294. | |||||
| CVE-2020-4840 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 190044. | |||||
| CVE-2020-4653 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | |||||