6.1
CVE-2023-28069
- EPSS 0.26%
- Veröffentlicht 05.04.2023 08:15:07
- Zuletzt bearbeitet 21.11.2024 07:54:20
- Quelle security_alert@emc.com
- CVE-Watchlists
- Unerledigt
LoginDell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. A remote unauthenticated attacker can phish the legitimate user to redirect to malicious website leading to information disclosure and launch of phishing attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dell ≫ Streaming Data Platform Version < 1.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.487 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| security_alert@emc.com | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.