PT-2017-16158 · Cisco · Cisco Registered Envelope Service

Published

2017-04-07

Updated

2017-04-14

CVE-2017-3889

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Cisco Registered Envelope Service version 5.1.0-015

Description A vulnerability in the web interface could allow an unauthenticated, remote attacker to redirect a user to an undesired web page, also known as an Open Redirect. This issue affects the Cisco Registered Envelope cloud-based service.

Recommendations For version 5.1.0-015, update to a version that includes the fix for this issue to prevent unauthorized redirects.

Fix

Open Redirect

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601CWE-20

Related Identifiers

CVE-2017-3889

Affected Products

Cisco Registered Envelope Service

PT-2017-16158 · Cisco · Cisco Registered Envelope Service

CVE-2017-3889

Weakness Enumeration

Related Identifiers

Affected Products

References · 4