Open Redirect Vulnerability in VI Web Client by Download VI
CVE-2023-38574

6.1MEDIUM

Key Information:

Vendor: I-pro Co., Ltd.
Status: Vi Web Client
Vendor: CVE Published:; 5 September 2023

🔔 Create I-pro Co., Ltd. Vulnerability Alert

What is CVE-2023-38574?

The VI Web Client prior to version 7.9.6 contains an open redirect vulnerability that enables a remote, unauthenticated attacker to manipulate URLs, redirecting users to arbitrary web destinations. This flaw poses a significant risk as it can be exploited to conduct phishing attacks, potentially resulting in unauthorized access to sensitive information. Users of the VI Web Client should be aware of this vulnerability and update to the latest version to ensure their protection.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

VI Web Client prior to 7.9.6

References

https://downloadvi.com/downloads/IPServer/v7.9/796232/v79...

https://jvn.jp/en/jp/JVN60140221/

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 5, 2023
Vulnerability Reserved
Aug 25, 2023

JSON

I-pro Co., Ltd.