CVE-2023-5445: Open Redirect in ePolicy Orchestrator

CWE-601 (Open Redirect) | 3 documents | 3 sources

Severity: 5.4 MEDIUM (NVD)
EPSS: 0.2% (top 60.78%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 17

Description

An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote, low-privileged user to modify a URL parameter so that URL requests are redirected to a malicious site. This affects the dashboard area of the user interface. A user would need to be logged into ePO to trigger this vulnerability. To exploit it, the attacker must alter the HTTP payload after submission, before it reaches the ePO server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Exploitability: 2.3 | Impact: 2.7

Affected Packages (2 packages)

CVEList V5 | trellix/epolicy_orchestrator | Prior to 5.10.0 SP1 UP2

Vulnerability Details (2)

CVEList: CVE-2023-5445: An open redirect vulnerability in ePolicy Orchestrator prior to 5 (2023-11-17)
GHSA: GHSA-wxv3-wwgp-8547: An open redirect vulnerability in ePolicy Orchestrator prior to 5 (2023-11-17)

Source: cvebase, listed as "CVE-2023-5445: Open Redirect in McAfee"