| Severity | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE ID | CVE-2017-8945 |
| CVSSv3 |
4.1 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C] |
| CWE ID | CWE-601 |
| Exploitation vector | Network |
| Public exploit | Not available |
| Vulnerable software |
IceWall Federation Agent |
| Vulnerable software versions |
IceWall Federation Agent 3.0 |
| Vendor URL | HPE |
The vulnerability allows a remote attacker to redirect website visitors to external websites.
The weakness exists due to incorrect validation of redirected URL. A remote attacker can create a specially crafted link and redirect the victim on potentially dangerous website.
Successful exploitation of the vulnerability may allow an attacker to perform phishing attack.Install update from vendor's website.
http://h20566.www2.hpe.com/hpsc/doc/public/display?docId=hpesbgn03737en_us