PT-2023-23664 · Avaya · Avaya Ix Workforce Engagement
Published
2023-05-30
·
Updated
2023-06-02
·
CVE-2023-32218
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Avaya IX Workforce Engagement version 15.2.7.1195
Description
The issue is related to URL redirection to untrusted sites, also known as an 'Open Redirect'. This occurs when a web application redirects a user to a URL without properly validating it, potentially allowing an attacker to redirect the user to a malicious site.
Recommendations
For Avaya IX Workforce Engagement version 15.2.7.1195, consider restricting access to untrusted URLs as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Avaya Ix Workforce Engagement