5.8

CVE-2012-0146

Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftForefront Unified Access Gateway Version2010 Updatesp1
MicrosoftForefront Unified Access Gateway Version2010 Updatesp1_update1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 11% 0.953
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://osvdb.org/81131
http://secunia.com/advisories/48787
http://www.securityfocus.com/bid/52903
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1026909
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-026
https://exchange.xforce.ibmcloud.com/vulnerabilities/74367
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15476