Open Redirect Vulnerability in GroupSession by GroupSession
CVE-2021-20875

6.1MEDIUM

Key Information:

Vendor

Japan Total System Co.,ltd.

Status
Groupsession Free Edition, Groupsession Bycloud, Groupsession Zion
Vendor
CVE Published:
24 December 2021

What is CVE-2021-20875?

An open redirect vulnerability exists in the GroupSession Free edition, GroupSession byCloud, and GroupSession ZION, all versions 5.1.1 and earlier. This flaw allows a remote unauthenticated attacker to manipulate users into visiting malicious websites. By crafting a specifically designed URL, attackers can redirect users from legitimate sites to unintended locations, facilitating phishing attempts and potentially compromising user credentials. Organizations using these affected GroupSession products should promptly apply necessary security measures to safeguard their users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GroupSession Free edition, GroupSession byCloud, GroupSession ZION GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier

References

https://groupsession.jp/info/info-news/security20211220
x_refsource_MISC
https://jvn.jp/en/jp/JVN79798166/index.html
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.