Total: 1129 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2022-41275 | 1 Sap | 1 Solution Manager | 2024-11-21 | 6.1 Medium | In SAP Solution Manager (Enterprise Search) - versions 740 and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, redirects them to a malicious page that could read or modify sensitive information, or expose the user to a phishing attack, with little impact on confidentiality and integrity.
CVE-2022-41273 | 1 Sap | 2 Contract Lifecycle Manager, Sourcing | 2024-11-21 | 4.3 Medium | Due to improper input sanitization in SAP Sourcing and SAP Contract Lifecycle Management - version 1100, an attacker can redirect a user to a malicious website. In order to perform this attack, the attacker sends an email to the victim with a manipulated link that appears to be a legitimate SAP Sourcing URL. Since the victim does not suspect the threat, they click on the link, log in to SAP Sourcing and CLM, and at this point are redirected to a malicious website.
CVE-2022-41215 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 4.7 Medium | SAP NetWeaver ABAP Server and ABAP Platform allow an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked into disclosing personal information.
CVE-2022-41207 | 1 Sap | 1 Biller Direct | 2024-11-21 | 6.1 Medium | SAP Biller Direct allows an unauthenticated attacker to craft a legitimate-looking URL. When clicked by an unsuspecting victim, it uses an unsanitized parameter to redirect the victim to a malicious site of the attacker's choosing, which can result in disclosure or modification of the victim's information.
CVE-2022-41204 | 1 Sap | 1 Commerce | 2024-11-21 | 8.8 High | An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205 - login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allows them to steal credentials and hijack accounts. A successful attack could compromise the Confidentiality, Integrity, and Availability of the system.
CVE-2022-40754 | 1 Apache | 1 Airflow | 2024-11-21 | 6.1 Medium | In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.
CVE-2022-40083 | 1 Labstack | 1 Echo | 2024-11-21 | 9.6 Critical | Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF).
CVE-2022-3797 | 1 Eolink | 1 Apinto-dashboard | 2024-11-21 | 6.3 Medium | A vulnerability was found in eolinker apinto-dashboard. It has been rated as problematic. This issue affects some unknown processing of the file /login. The manipulation of the argument callback leads to open redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212633 was assigned to this vulnerability.
CVE-2022-3614 | 1 Octopus | 1 Octopus Server | 2024-11-21 | 6.1 Medium | In affected versions of Octopus Deploy, users of certain browsers using AD to sign in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect URL without any validation.
CVE-2022-3486 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.7 Medium | An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to redirect users to an arbitrary location if they trust the URL.
CVE-2022-3438 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | 6.1 Medium | Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.
CVE-2022-3280 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 Low | An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content.
CVE-2022-3145 | 1 Okta | 1 Oidc Middleware | 2024-11-21 | 4.7 Medium | An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0, allowing an attacker to redirect a user to an arbitrary URL.
CVE-2022-39814 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | 6.1 Medium | In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs in the login page via the `next` HTTP GET parameter.
CVE-2022-39359 | 1 Metabase | 1 Metabase | 2024-11-21 | 6.5 Medium | Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, a custom GeoJSON map URL would follow redirects to addresses that were otherwise disallowed, like link-local or private-network addresses. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer follows redirects on GeoJSON map URLs. An environment variable `MB_CUSTOM_GEOJSON_ENABLED` was also added to disable custom GeoJSON completely (`true` by default).
CVE-2022-39258 | 1 Mailcow | 1 Mailcow\ | 2024-11-21 | 8.1 High | mailcow is a mailserver suite. A vulnerability in versions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker-controlled place to steal Swagger authorization credentials or create a phishing page to steal other information. The issue has been fixed with the 2022-09 mailcow Mootember Update. As a workaround, one may delete the Swagger API Documentation from their e-mail server.
CVE-2022-39183 | 1 Moodle | 1 Saml Authentication | 2024-11-21 | 6.5 Medium | Moodle Plugin - SAML Auth may allow Open Redirect through unspecified vectors.
CVE-2022-39021 | 1 Edetw | 1 U-office Force | 2024-11-21 | 6.1 Medium | The U-Office Force login function has an Open Redirect vulnerability. An unauthenticated remote attacker can exploit this vulnerability to redirect users to an arbitrary website.
CVE-2022-38779 | 1 Elastic | 1 Kibana | 2024-11-21 | 6.1 Medium | An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
CVE-2022-38662 | 1 Hcltech | 1 Hcl Digital Experience | 2024-11-21 | 6.1 Medium | In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites.