Open redirect in HPE IceWall Federation Agent

Published: 2017-05-29 16:57:31
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2017-8945
CVSSv3: 4.1 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CWE ID: CWE-601
Exploitation vector: Network
Public exploit: Not available
Vulnerable software: IceWall Federation Agent
Vulnerable software versions: IceWall Federation Agent 3.0
Vendor URL: HPE

Security Advisory

1) Open redirect

Description

The vulnerability allows a remote attacker to redirect website visitors to external websites.

The weakness exists due to incorrect validation of the redirect URL. A remote attacker can create a specially crafted link and redirect the victim to a potentially dangerous website.

Successful exploitation of the vulnerability may allow an attacker to perform a phishing attack.

Remediation

Install the update from the vendor's website.

External links

http://h20566.www2.hpe.com/hpsc/doc/public/display?docId=hpesbgn03737en_us
