Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-27 | CVE-2020-35678 | Open Redirect vulnerability in Crossbar Autobahn: Autobahn\|Python before 20.12.3 allows redirect header injection. | 6.1 |
2020-12-24 | CVE-2020-27729 | Open Redirect vulnerability in F5 Big-Ip Access Policy Manager: In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, an undisclosed link on the BIG-IP APM virtual server allows a malicious user to build an open redirect URI. | 6.1 |
2020-12-21 | CVE-2020-4840 | Open Redirect vulnerability in IBM Security Secret Server 10.6: IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |
2020-12-21 | CVE-2020-26275 | Open Redirect vulnerability in Jupyter Server: The Jupyter Server provides the backend (i.e. | 6.1 |
2020-12-18 | CVE-2020-25901 | Open Redirect vulnerability in Spiceworks 7.5.7.0: Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. | 6.1 |
2020-12-15 | CVE-2020-4849 | Open Redirect vulnerability in IBM Tivoli Netcool/Impact: IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix 7 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. | 6.1 |
2020-12-09 | CVE-2020-26836 | Open Redirect vulnerability in SAP Solution Manager 7.20: SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL, leading to an Open Redirect vulnerability. An attacker can enter a link to a malicious site, which could trick the user into entering credentials or downloading malicious software, as a parameter in the application URL and share it with the end user, who could potentially become a victim of the attack. | 6.1 |
2020-12-04 | CVE-2020-29565 | Open Redirect vulnerability in multiple products: An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. | 6.1 |
2020-12-02 | CVE-2020-27816 | Open Redirect vulnerability in multiple products: The elasticsearch-operator does not validate the namespace where the kibana logging resource is created, and because of that it is possible to replace the original openshift-logging console link (kibana console) with a different one, created based on the new CR for the new kibana resource. | 6.1 |
2020-11-24 | CVE-2020-26232 | Open Redirect vulnerability in Jupyter Server: Jupyter Server before version 1.0.6 has an Open redirect vulnerability. | 5.4 |