Open Redirect Vulnerability in Revive Adserver by Revive Network
CVE-2019-5433

5.4MEDIUM

Key Information:

Vendor: Revive-adserver
Status: Revive Adserver
Vendor: CVE Published:; 6 May 2019

🔔 Create Revive-adserver Vulnerability Alert

What is CVE-2019-5433?

A security issue exists in Revive Adserver that allows users with access to the user interface to be redirected to an untrusted domain through a manipulated URL. This vulnerability can be exploited by attackers to execute phishing attempts, potentially compromising user credentials. The issue was addressed in version 4.2.0 of Revive Adserver.

Affected Version(s)

Revive Adserver Fixed version v4.2.0

References

https://www.revive-adserver.com/security/revive-sa-2019-001/

x_refsource_MISC

https://hackerone.com/reports/390663

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2019
Vulnerability Reserved
Jan 4, 2019

JSON