CVE-2022-44718

Name of the Vulnerable Software and Affected Versions NetScout nGeniusONE version 6.3.2 build 904

Description An issue was discovered in NetScout nGeniusONE, where Open Redirection can occur. After a successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged.

Recommendations For NetScout nGeniusONE version 6.3.2 build 904, as a temporary workaround, consider restricting access to the vulnerable parameter until a patch is available. Avoid using the vulnerable parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.