CVE-2019-5433
First published: Mon May 06 2019(Updated: )
A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Revive-adserver Revive Adserver | <4.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2019-5433.
What is the severity rating of CVE-2019-5433?
CVE-2019-5433 has a severity rating of 5.4, which is considered medium.
What software is affected by CVE-2019-5433?
The Revive Adserver software up to version 4.2.0 is affected by CVE-2019-5433.
How can the vulnerability in Revive Adserver be exploited?
The vulnerability in Revive Adserver can be exploited by tricking a user into clicking on a specially crafted URL that leads to an unsafe domain, potentially used for stealing credentials or phishing attacks.
Are there any references or resources for CVE-2019-5433?
Yes, you can find more information about CVE-2019-5433 on the following websites: [HackerOne](https://hackerone.com/reports/390663) and [Revive Adserver Security Advisory](https://www.revive-adserver.com/security/revive-sa-2019-001/).
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/severity
- agent/event
- agent/tags
- agent/description
- agent/first-publish-date
- vendor/revive-adserver
- canonical/revive-adserver revive adserver