CVE-2022-1254

EPSS 0.19%
Published 20.04.2022 13:15:07
Last modified 21.11.2024 06:40:21
Source trellixpsirt@trellix.com
Teams watchlist Login
Open Login

A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates a HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Mcafee ≫ Web Gateway Version >= 7.0.0 < 7.8.2.31

Mcafee ≫ Web Gateway Version >= 8.0.0 < 8.2.27

Mcafee ≫ Web Gateway Version >= 9.0.0 < 9.2.20

Mcafee ≫ Web Gateway Version >= 10.0.0 < 10.2.9

Mcafee ≫ Web Gateway Version >= 11.0.0 < 11.1.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.19%	0.412

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N
trellixpsirt@trellix.com	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://kc.mcafee.com/corporate/index?page=content&id=SB10381

Vendor Advisory

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2022-1254

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1254

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1254

EUVD