Sysaid – sysaid Open Redirect
CVE-2022-22797

4.6MEDIUM

Key Information:

Vendor: Sysaid
Status: Sysaid
Vendor: CVE Published:; 12 May 2022

Summary

Sysaid – sysaid Open Redirect - An Attacker can change the redirect link at the parameter "redirectURL" from"GET" request from the url location: /CommunitySSORedirect.jsp?redirectURL=https://google.com. Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

Affected Version(s)

Sysaid cloud 22.1.49 cloud version <= 22.1.49

Sysaid on premise 22.1.63 on premise version <= 22.1.63

References

https://www.gov.il/en/departments/faq/cve_advisories

x_refsource_MISC

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 12, 2022
Vulnerability Reserved
Jan 7, 2022

Credit

Moriel Harush - Sophtix Security LTD