CVE-2019-14912

Name of the Vulnerable Software and Affected Versions PRiSE adAS version 1.7.0

Description An issue in the OPENSSO module of PRiSE adAS does not properly check the goto parameter, leading to an open redirect. This results in the leakage of the session cookie.

Recommendations For version 1.7.0, consider restricting access to the OPENSSO module until a patch is available. As a temporary workaround, avoid using the goto parameter in sensitive operations to minimize the risk of session cookie leakage.