The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link.
Metrics
Affected Vendors & Products
References
History
Wed, 09 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 08 Oct 2024 08:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link. | |
Weaknesses | CWE-601 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: siemens
Published: 2024-10-08T08:40:41.244Z
Updated: 2024-12-10T13:53:51.834Z
Reserved: 2024-09-12T07:06:38.064Z
Link: CVE-2024-46886
Vulnrichment
Updated: 2024-10-09T14:55:19.468Z
NVD
Status : Awaiting Analysis
Published: 2024-10-08T09:15:16.093
Modified: 2024-10-10T12:56:30.817
Link: CVE-2024-46886
Redhat
No data.