Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-26 | CVE-2021-1629 | Open Redirect vulnerability in Tableau Server: Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users. | 6.1 |
2021-03-26 | CVE-2021-23888 | Open Redirect vulnerability in Mcafee Epolicy Orchestrator: Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user. | 6.3 |
2021-03-23 | CVE-2020-12483 | Open Redirect vulnerability in Vivo Appstore: The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters. | 6.1 |
2021-03-10 | CVE-2021-21491 | Open Redirect vulnerability in SAP Netweaver Application Server Java: SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. | 6.1 |
2021-03-09 | CVE-2020-28150 | Open Redirect vulnerability in Inetsoftware I-Net Clear Reports 20.10.136: I-Net Software Clear Reports 20.10.136 web application accepts a user-controlled input that specifies a link to an external site, and uses the user supplied data in a Redirect. | 6.1 |
2021-02-26 | CVE-2021-21273 | Open Redirect vulnerability in multiple products: Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). | 6.1 |
2021-02-19 | CVE-2021-3189 | Open Redirect vulnerability in Google Slashify 1.0.0: The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring. | 6.1 |
2021-02-19 | CVE-2021-27404 | Open Redirect vulnerability in Asus Askey Rtf8115Vw Firmware Brsvg11.11Rtftef001V6.54V014: Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header. | 6.1 |
2021-02-16 | CVE-2020-35560 | Open Redirect vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24: An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. | 6.1 |
2021-02-12 | CVE-2021-22984 | Open Redirect vulnerability in F5 products: On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving an unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM virtual server configured with a DoS profile with Proactive Bot Defense (versions prior to 14.1.0), or a Bot Defense profile (versions 14.1.0 and later), may subject clients and web servers to Open Redirection attacks. | 6.1 |