SWG URL redirection vulnerability
CVE-2022-1254

6.1MEDIUM

Key Information:

Vendor: McAfee,LLC
Status: Secure Web Gateway
Vendor: CVE Published:; 20 April 2022

Summary

A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates a HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy.

Affected Version(s)

Secure Web Gateway 10.X < 10.2.9

Secure Web Gateway 9.x < 9.2.20

Secure Web Gateway 8.x < 8.2.27

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 20, 2022
Vulnerability Reserved
Apr 6, 2022