CVE-2019-15688

Name of the Vulnerable Software and Affected Versions Kaspersky Anti-Virus versions up to 2020 Kaspersky Internet Security versions up to 2020 Kaspersky Total Security versions up to 2020 Kaspersky Free Anti-Virus versions up to 2020 Kaspersky Small Office Security versions up to 2020 Kaspersky Security Cloud versions up to 2020

Description The web protection component of the affected Kaspersky products did not adequately inform the user about the threat of redirecting to an untrusted site, allowing for bypass. This issue is related to the use of open redirection, which can be exploited by a remote attacker to redirect the user to an arbitrary site.

Recommendations For Kaspersky Anti-Virus versions up to 2020, update the web protection component to a version that properly informs the user about potential threats. For Kaspersky Internet Security versions up to 2020, update the web protection component to a version that properly informs the user about potential threats. For Kaspersky Total Security versions up to 2020, update the web protection component to a version that properly informs the user about potential threats. For Kaspersky Free Anti-Virus versions up to 2020, update the web protection component to a version that properly informs the user about potential threats. For Kaspersky Small Office Security versions up to 2020, update the web protection component to a version that properly informs the user about potential threats. For Kaspersky Security Cloud versions up to 2020, update the web protection component to a version that properly informs the user about potential threats. As a temporary workaround, consider restricting access to untrusted sites until the issue is resolved.