CVE-2016-10315

Name of the Vulnerable Software and Affected Versions Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3) Jensen of Scandinavia AS Air:Link 5000AC (AL5000AC) version 1.13 Jensen of Scandinavia AS Air:Link 59300 (AL59300) version 1.04 (Rev. 4)

Description The issue allows remote attackers to conduct Open Redirect attacks. This is achieved via the submit-url parameter to certain "/goform/" pages, such as "/goform/" API endpoints.

Recommendations For Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), consider restricting access to the /goform/* pages until a patch is available. For Jensen of Scandinavia AS Air:Link 5000AC (AL5000AC) version 1.13, avoid using the submit-url parameter in the affected API endpoints until the issue is resolved. For Jensen of Scandinavia AS Air:Link 59300 (AL59300) version 1.04 (Rev. 4), restrict the use of the vulnerable component related to the /goform/* pages as a temporary workaround.