PT-2019-13860 · Prise · Prise Adas
Published
2019-09-20
·
Updated
2019-09-23
·
CVE-2019-14912
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
PRiSE adAS version 1.7.0
Description
An issue in the OPENSSO module of PRiSE adAS does not properly check the
goto parameter, leading to an open redirect. This results in the leakage of the session cookie.Recommendations
For version 1.7.0, consider restricting access to the OPENSSO module until a patch is available. As a temporary workaround, avoid using the
goto parameter in sensitive operations to minimize the risk of session cookie leakage.Exploit
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Prise Adas