Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-03-28 | CVE-2018-7674 | Open Redirect vulnerability in Netiq Identity Manager 4.5 | The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection. | 6.1 |
2018-03-26 | CVE-2018-8937 | Open Redirect vulnerability in Open-Audit 2.1 | An issue was discovered in Open-AudIT Professional 2.1. | 6.1 |
2018-03-14 | CVE-2018-0924 | Open Redirect vulnerability in Microsoft Exchange Server 2010/2013/2016 | Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how URL redirects are handled, aka "Microsoft Exchange Information Disclosure Vulnerability". | 6.5 |
2018-03-08 | CVE-2018-1220 | Open Redirect vulnerability in EMC RSA Archer | EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnerability in the QuickLinks feature. | 6.1 |
2018-03-07 | CVE-2018-7473 | Open Redirect vulnerability in Soconnect Sowifi Hotspot Firmware 140 | Open redirect vulnerability in the SO Connect SO WIFI hotspot web interface, prior to version 140, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL. | 6.1 |
2018-03-02 | CVE-2017-14802 | Open Redirect vulnerability in Netiq Access Manager | Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites. | 6.1 |
2018-03-01 | CVE-2017-6932 | Open Redirect vulnerability in multiple products | Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. | 4.7 |
2018-02-28 | CVE-2015-3898 | Open Redirect vulnerability in Bonitasoft Bonita BPM Portal | Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice. | 6.1 |
2018-02-16 | CVE-2018-6324 | Open Redirect vulnerability in F-Secure Radar 3.9.1 | F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redirect via the ReturnUrl parameter that triggers upon a user login. | 6.1 |
2018-02-15 | CVE-2017-8945 | Open Redirect vulnerability in HP Icewall Federation Agent 3.0 | A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Federation Agent version 3.0 was found. | 6.1 |