Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')

DATE CVE VULNERABILITY TITLE RISK
2021-01-07 CVE-2020-26979 Open Redirect vulnerability in Mozilla Firefox
When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the desired, entered address.
network
low complexity
mozilla CWE-601
6.1
2021-01-04 CVE-2020-29498 Open Redirect vulnerability in Dell Wyse Management Suite
Dell Wyse Management Suite versions prior to 3.1 contain an open redirect vulnerability.
network
low complexity
dell CWE-601
6.1
2020-12-31 CVE-2020-25846 Open Redirect vulnerability in Panorama Project Nhiservisignadapter 1.0.20.0218
The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential.
network
low complexity
panorama-project CWE-601
7.4
2020-12-31 CVE-2020-25845 Open Redirect vulnerability in Panorama Project Nhiservisignadapter 1.0.20.0218
Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential.
network
low complexity
panorama-project CWE-601
7.4
2020-12-27 CVE-2020-35678 Open Redirect vulnerability in Crossbar Autobahn
Autobahn|Python before 20.12.3 allows redirect header injection.
network
low complexity
crossbar CWE-601
6.1
2020-12-24 CVE-2020-27729 Open Redirect vulnerability in F5 Big-Ip Access Policy Manager
In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, an undisclosed link on the BIG-IP APM virtual server allows a malicious user to build an open redirect URI.
network
low complexity
f5 CWE-601
6.1
2020-12-21 CVE-2020-4840 Open Redirect vulnerability in IBM Security Secret Server 10.6
IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
low complexity
ibm CWE-601
6.1
2020-12-18 CVE-2020-25901 Open Redirect vulnerability in Spiceworks 7.5.7.0
Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
network
low complexity
spiceworks CWE-601
6.1
2020-12-15 CVE-2020-4849 Open Redirect vulnerability in IBM Tivoli Netcool/Impact
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix 7 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw.
network
low complexity
ibm CWE-601
6.1
2020-12-09 CVE-2020-26836 Open Redirect vulnerability in SAP Solution Manager 7.20
SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL leading to Open Redirect vulnerability, an attacker can enter a link to malicious site which could trick the user to enter credentials or download malicious software, as a parameter in the application URL and share it with the end user who could potentially become a victim of the attack.
network
low complexity
sap CWE-601
6.1