5.4
CVE-2023-5445
- EPSS 0.18%
- Published 17.11.2023 10:15:08
- Last modified 21.11.2024 08:41:47
- Source trellixpsirt@trellix.com
- Teams watchlist Login
- Open Login
An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user would need to be logged into ePO to trigger this vulnerability. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.
Data is provided by the National Vulnerability Database (NVD)
Mcafee ≫ Epolicy Orchestrator Version < 5.10.0
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateservice_pack_1_update
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateservice_pack_1_update_1
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_1
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_10
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_11
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_11_hotfix_1
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_11_hotfix_2
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_12
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_13
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_14
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_15
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_2
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_3
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_4
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_5
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_6
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_7
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_8
Mcafee ≫ Epolicy Orchestrator Version5.10.0 Updateupdate_9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.399 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| trellixpsirt@trellix.com | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.