CVE-2019-5433

A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
hackeroneCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
revive-adserverrevive_adserver
𝑥
< 4.2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://hackerone.com/reports/390663
https://www.revive-adserver.com/security/revive-sa-2019-001/
https://hackerone.com/reports/390663
https://www.revive-adserver.com/security/revive-sa-2019-001/