PT-2021-14851 · Unknown · Uaa Server
Amit Laish
·
Published
2021-08-11
·
Updated
2021-08-19
·
CVE-2021-22098
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
UAA server versions prior to 75.4.0
Description
The issue allows a malicious user to exploit an open redirect vulnerability through social engineering, potentially leading to the takeover of victims' accounts and redirection of UAA users to malicious sites.
Recommendations
For UAA server versions prior to 75.4.0, update to version 75.4.0 or later to resolve the issue.
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Uaa Server