Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')

DATE CVE VULNERABILITY TITLE RISK
2018-12-11 CVE-2018-1654 Open Redirect vulnerability in IBM Curam Social Program Management
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
low complexity
ibm CWE-601
6.1
6.1
2018-12-03 CVE-2018-19796 Open Redirect vulnerability in Ninjaforms Ninja Forms
An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.
network
low complexity
ninjaforms CWE-601
6.1
6.1
2018-11-26 CVE-2018-11067 Open Redirect vulnerability in multiple products
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability.
network
low complexity
dell vmware CWE-601
6.1
6.1
2018-11-20 CVE-2018-17948 Open Redirect vulnerability in Microfocus Access Manager
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.
network
low complexity
microfocus CWE-601
6.1
6.1
2018-11-13 CVE-2018-2476 Open Redirect vulnerability in SAP Netweaver 7.30/7.31/7.40
Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site.
network
low complexity
sap CWE-601
6.1
6.1
2018-11-13 CVE-2018-14658 Open Redirect vulnerability in Redhat Keycloak 3.2.1
A flaw was found in JBOSS Keycloak 3.2.1.Final.
network
low complexity
redhat CWE-601
6.1
6.1
2018-10-23 CVE-2018-13402 Open Redirect vulnerability in Atlassian Jira
Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.
network
low complexity
atlassian CWE-601
6.1
6.1
2018-10-23 CVE-2018-13401 Open Redirect vulnerability in Atlassian Jira
The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability.
network
low complexity
atlassian CWE-601
6.1
6.1
2018-10-19 CVE-2018-12675 Open Redirect vulnerability in Sv3C H.264 POE IP Camera Firmware V2.3.4.2103S50Ntdb20170508B/V2.3.4.2103S50Ntdb20170823B
The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does not perform origin checks on URLs that the camera's web interface redirects a user to.
network
low complexity
sv3c CWE-601
6.1
6.1
2018-10-17 CVE-2018-15493 Open Redirect vulnerability in Vbulletin 5.4.3
vBulletin 5.4.3 has an Open Redirect.
network
low complexity
vbulletin CWE-601
6.1
6.1