PT-2022-13753 · McAfee · Skyhigh SWG
Published: 2022-04-20 · Updated: 2023-11-16 · CVE-2022-1254
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Skyhigh SWG versions 7.x prior to 7.8.2.31
Skyhigh SWG versions 8.x prior to 8.2.27
Skyhigh SWG versions 9.x prior to 9.2.20
Skyhigh SWG versions 10.x prior to 10.2.9
Skyhigh SWG versions 11.x prior to 11.1.3
Description
A URL redirection issue in Skyhigh SWG allows a remote attacker to redirect a user to a malicious website. This occurs because SWG incorrectly creates an HTTP redirect response when a user clicks a carefully constructed URL. The new request is still filtered by the SWG policy after the redirect response.
Recommendations
For Skyhigh SWG versions 7.x prior to 7.8.2.31, update to version 7.8.2.31 or later.
For Skyhigh SWG versions 8.x prior to 8.2.27, update to version 8.2.27 or later.
For Skyhigh SWG versions 9.x prior to 9.2.20, update to version 9.2.20 or later.
For Skyhigh SWG versions 10.x prior to 10.2.9, update to version 10.2.9 or later.
For Skyhigh SWG versions 11.x prior to 11.1.3, update to version 11.1.3 or later.
Fix
Open Redirect
Affected Products
Skyhigh SWG