6.1
CVE-2022-39021
- EPSS 0.26%
- Published 31.10.2022 07:15:09
- Last modified 21.11.2024 07:17:23
- Source twcert@cert.org.tw
U-Office Force login function has an Open Redirect vulnerability. An unauthenticated remote attacker can exploit this vulnerability to redirect user to arbitrary website.
Data provided by the National Vulnerability Database (NVD)
Edetw ≫ U-office Force Version <= 20.50.7821d
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.489 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| twcert@cert.org.tw | 6.1 | 2.8 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.