What is the vulnerability ID for this Sysaid vulnerability?

The vulnerability ID for this Sysaid vulnerability is CVE-2022-22797.

What is the severity of CVE-2022-22797?

The severity of CVE-2022-22797 is medium with a CVSS score of 6.1.

What is the affected software for CVE-2022-22797?

The affected software for CVE-2022-22797 is Sysaid version up to 22.1.50 (cloud) and up to 22.1.64 (on-premises).

How can an attacker exploit CVE-2022-22797?

An attacker can exploit CVE-2022-22797 by changing the redirect link at the 'redirectURL' parameter in a GET request.

What is the risk of CVE-2022-22797?

CVE-2022-22797 poses a risk of unvalidated redirects and forwards, allowing attackers to redirect users to malicious websites.

Vulnerability/
CVE-2022-22797

medium

6.1

CWE

601

12/5/2022

16/9/2024

CVE-2022-22797: Sysaid – sysaid Open Redirect

First published: Thu May 12 2022(Updated: )

Sysaid – sysaid Open Redirect - An Attacker can change the redirect link at the parameter "redirectURL" from"GET" request from the url location: /CommunitySSORedirect.jsp?redirectURL=https://google.com. Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

Credit: cna@cyber.gov.il

Affected Software	Affected Version	How to fix
Sysaid On-Premises	<22.1.50
Sysaid On-Premises	<22.1.64

Remedy

Update to 22.1.50 cloud version, or to 22.1.64 on premise version.

Never miss a vulnerability like this again

Reference Links

https://www.gov.il/en/departments/faq/cve_advisories

Frequently Asked Questions

What is the vulnerability ID for this Sysaid vulnerability?
The vulnerability ID for this Sysaid vulnerability is CVE-2022-22797.
What is the severity of CVE-2022-22797?
The severity of CVE-2022-22797 is medium with a CVSS score of 6.1.
What is the affected software for CVE-2022-22797?
The affected software for CVE-2022-22797 is Sysaid version up to 22.1.50 (cloud) and up to 22.1.64 (on-premises).
How can an attacker exploit CVE-2022-22797?
An attacker can exploit CVE-2022-22797 by changing the redirect link at the 'redirectURL' parameter in a GET request.
What is the risk of CVE-2022-22797?
CVE-2022-22797 poses a risk of unvalidated redirects and forwards, allowing attackers to redirect users to malicious websites.

agent/type
agent/softwarecombine
agent/author
agent/severity
agent/title
agent/references
agent/remedy
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/sysaid
canonical/sysaid on-premises

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.