CVE-2022-4591707.12.2022, 01:15ILIAS before 7.16 has an Open Redirect.Open RedirectEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST6.1 MEDIUMNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NmitreCNA------CVEADP------CISA-ADPADP6.1 MEDIUMNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NBase ScoreCVSS 3.xEPSS ScorePercentile: 96%VendorProductVersioniliasilias𝑥< 7.16𝑥= Vulnerable software versionsKnown Exploits!http://packetstormsecurity.com/files/170181/ILIAS-eLearning-7.15-Command-Injection-XSS-LFI-Open-Redirect.htmlhttp://seclists.org/fulldisclosure/2022/Dec/7https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-ilias-elearning-platform/http://packetstormsecurity.com/files/170181/ILIAS-eLearning-7.15-Command-Injection-XSS-LFI-Open-Redirect.htmlhttp://seclists.org/fulldisclosure/2022/Dec/7https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-ilias-elearning-platform/Common Weakness EnumerationCWE-601 - URL Redirection to Untrusted Site ('Open Redirect')A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.Referenceshttp://packetstormsecurity.com/files/170181/ILIAS-eLearning-7.15-Command-Injection-XSS-LFI-Open-Redirect.htmlhttp://seclists.org/fulldisclosure/2022/Dec/7https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-ilias-elearning-platform/http://packetstormsecurity.com/files/170181/ILIAS-eLearning-7.15-Command-Injection-XSS-LFI-Open-Redirect.htmlhttp://seclists.org/fulldisclosure/2022/Dec/7https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-ilias-elearning-platform/