Open Redirect Vulnerability in VI Web Client by Download VI
CVE-2023-38574

6.1MEDIUM

Key Information:

Vendor: I-pro Co., Ltd.
Status: Vi Web Client
Vendor: CVE Published:; 5 September 2023

🔔 Create I-pro Co., Ltd. Vulnerability Alert

What is CVE-2023-38574?

The VI Web Client prior to version 7.9.6 contains an open redirect vulnerability that enables a remote, unauthenticated attacker to manipulate URLs, redirecting users to arbitrary web destinations. This flaw poses a significant risk as it can be exploited to conduct phishing attacks, potentially resulting in unauthorized access to sensitive information. Users of the VI Web Client should be aware of this vulnerability and update to the latest version to ensure their protection.

Affected Version(s)

VI Web Client prior to 7.9.6

References

https://downloadvi.com/downloads/IPServer/v7.9/796232/v79...

https://jvn.jp/en/jp/JVN60140221/

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2023
Vulnerability Reserved
Aug 25, 2023

CVE-2023-38574 Data

JSON