6.1
CVE-2017-1000027
- EPSS 2.14%
- Veröffentlicht 17.07.2017 13:18:16
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginKoozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Koozali ≫ Sme Server Version8.0
Koozali ≫ Sme Server Version9.0
Koozali ≫ Sme Server Version9.2
Koozali ≫ Sme Server Version10.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.14% | 0.826 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.