CVE-2022-22797

Name of the Vulnerable Software and Affected Versions Sysaid (affected versions not specified)

Description The issue allows an attacker to change the redirect link at the redirectURL parameter from a GET request. Unvalidated redirects and forwards are possible when a web application accepts untrusted input, which could cause the web application to redirect the request to a URL contained within untrusted input. This could lead to a phishing scam and potentially steal user credentials. The vulnerable endpoint is "/CommunitySSORedirect.jsp?redirectURL=https://google.com", where the redirectURL parameter can be modified.

Recommendations As a temporary workaround, consider restricting access to the /CommunitySSORedirect.jsp endpoint until a patch is available. Avoid using the redirectURL parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.