6.1
CVE-2024-1440
- EPSS 0.07%
- Veröffentlicht 02.06.2025 16:51:16
- Zuletzt bearbeitet 06.10.2025 13:48:42
- Quelle ed10eef1-636d-4fbe-9993-6890df
- Teams Watchlist Login
- Unerledigt Login
An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A malicious actor can craft a valid link that redirects users to an attacker-controlled site. By exploiting this vulnerability, an attacker may trick users into visiting a malicious page, enabling phishing attacks to harvest sensitive information or perform other harmful actions.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wso2 ≫ Api Manager Version3.1.0
Wso2 ≫ Api Manager Version3.2.0
Wso2 ≫ Api Manager Version4.0.0
Wso2 ≫ Identity Server Version5.10.0
Wso2 ≫ Identity Server Version5.11.0
Wso2 ≫ Identity Server Version6.0.0
Wso2 ≫ Identity Server Version6.1.0
Wso2 ≫ Identity Server Version7.0.0
Wso2 ≫ Identity Server As Key Manager Version5.10.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.218 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| ed10eef1-636d-4fbe-9993-6890dfa878f8 | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.