CVE-2023-5445

Name of the Vulnerable Software and Affected Versions ePolicy Orchestrator versions prior to 5.10.0 CP1 Update 2

Description An open redirect issue allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site, impacting the dashboard area of the user interface. A user would need to be logged into ePO to trigger this issue. To exploit this, the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.

Recommendations For versions prior to 5.10.0 CP1 Update 2, update to version 5.10.0 CP1 Update 2 or later to resolve the issue. As a temporary workaround, consider restricting access to the dashboard area of the user interface to minimize the risk of exploitation.