Main
Vulnerability Database
Exploits
ID:1424 - Exploit for Open redirect in Privileged Access Manager - CVE-2015-4668
ID:1424 - Exploit for Open redirect in Privileged Access Manager - CVE-2015-4668
Published: March 18, 2020
Vulnerability identifier: #VU13356
Vulnerability risk: Low
CVE-ID: CVE-2015-4668
CWE-ID: CWE-601
Exploitation vector: Remote access
Vulnerable software:
Privileged Access Manager
Privileged Access Manager
Link to public exploit:
Vulnerability description
The vulnerability allows a remote unauthenticated attacker to redirect the target user to external websites.
The weakness exists due to open redirect in openwin.php script. A remote attacker can use a specially crafted image link, trick the victim into opening it and redirect users to malicious website.
The weakness exists due to open redirect in openwin.php script. A remote attacker can use a specially crafted image link, trick the victim into opening it and redirect users to malicious website.
Remediation
Update to version 3.0.0 or later.