CVE-2010-2732 — Improper Input Validation in Microsoft Forefront Unified Access Gateway

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.8MEDIUMNVD

EPSS

32.3%

top 3.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Forefront Unified Access Gateway

Timeline

PublishedNov 10

Latest updateMay 14

Description

Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

▶NVDmicrosoft/forefront_unified_access_gateway2010

🔴Vulnerability Details

GHSA

GHSA-7443-8957-rjqm: Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allow↗2022-05-14

▶

CVEList

CVE-2010-2732: Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allow↗2010-11-10

▶