
CVE-2022-22797

Sysaid – sysaid Open Redirect

Severity Score: 6.1 (CVSS v3.1)
Exploit Likelihood: - (EPSS)
Affected Versions: see Affected Vendors, Products, and Versions below (CPE)
Public Exploits: 0 (multiple sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions

Sysaid – sysaid Open Redirect: an attacker controls the destination of a redirect through the "redirectURL" query parameter of a GET request to /CommunitySSORedirect.jsp, for example /CommunitySSORedirect.jsp?redirectURL=https://google.com. Unvalidated redirects and forwards occur when a web application accepts untrusted input and redirects the request to a URL taken from that input without checking it against an allowed destination. By pointing the parameter at a malicious site, an attacker can deliver a phishing link that appears to belong to the trusted SysAid host and steal user credentials on the attacker-controlled page.


*Credits: Moriel Harush - Sophtix Security LTD
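The description above names the vulnerable pattern (CWE-601) and the exact entry point (/CommunitySSORedirect.jsp?redirectURL=...). The following is an added example, not code from SysAid or from the advisory: an allowlist validator of the kind that fixes an open redirect, covering the bypasses a practitioner checks for (protocol-relative "//host", backslash "/\host", credentials "allowed@evil", and non-http schemes), plus a small offline check that decides from a captured response whether the probed value was reflected into the Location header. The host names, the allowlist, the probe value and the two sample responses are all constructed assumptions.

```python
"""Added example (not SysAid code): allowlist redirect validation for CWE-601,
and an offline detector for a reflected redirectURL parameter."""
from urllib.parse import quote, urljoin, urlsplit

# Assumed deployment: the only host the application may redirect to.
ALLOWED_HOSTS = {"helpdesk.example.com"}
ALLOWED_SCHEMES = {"https"}
BASE_URL = "https://helpdesk.example.com/"   # hypothetical SysAid host

REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def is_safe_redirect(target: str, base: str = BASE_URL) -> bool:
    """Return True only if `target` resolves to an allowed host over an allowed scheme.

    Relative paths such as "/portal" are resolved against `base` and accepted;
    anything that lands on another host, uses another scheme, or carries
    userinfo is rejected. Empty input is rejected so callers fall back to a
    fixed default page instead of redirecting nowhere.
    """
    if not target or any(ord(c) < 0x21 for c in target):
        # Control characters and whitespace have no place in a redirect target.
        return False
    # Browsers treat backslashes as slashes in http(s) URLs, so "/\evil.com"
    # would be followed as "//evil.com". Normalise before parsing.
    normalised = target.replace("\\", "/")
    parts = urlsplit(urljoin(base, normalised))
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False            # javascript:, data:, http: ...
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return False            # https://google.com, //evil.com, allowed@evil.com
    if parts.username or parts.password:
        return False            # https://evil.com@helpdesk.example.com
    return True


def build_probe_url(base_url: str, target: str) -> str:
    """Form the request described in the advisory with a properly encoded target."""
    return (f"{base_url.rstrip('/')}/CommunitySSORedirect.jsp"
            f"?redirectURL={quote(target, safe='')}")


def open_redirect_detected(status: int, headers: dict, probe: str) -> bool:
    """Decide from a captured response whether `probe` became the redirect target.

    Compares the host of the Location header with the host of the probe, so a
    server that re-encodes or appends a path to the value is still flagged.
    """
    if status not in REDIRECT_STATUSES:
        return False
    location = next((v for k, v in headers.items() if k.lower() == "location"), "")
    loc_host = (urlsplit(location).hostname or "").lower()
    probe_host = (urlsplit(probe).hostname or "").lower()
    return bool(loc_host) and loc_host == probe_host


# Constructed probe: the .invalid TLD is reserved and never resolves.
PROBE = "https://attacker.invalid/"
# Constructed responses, not captured from a real SysAid instance.
VULNERABLE_RESPONSE = (302, {"Location": PROBE})
FIXED_RESPONSE = (302, {"Location": "https://helpdesk.example.com/Login.jsp"})


def classify(response) -> str:
    status, headers = response
    return "open redirect" if open_redirect_detected(status, headers, PROBE) else "not reflected"


if __name__ == "__main__":
    print(build_probe_url(BASE_URL, PROBE))
    print("vulnerable sample:", classify(VULNERABLE_RESPONSE))
    print("fixed sample:     ", classify(FIXED_RESPONSE))
    for candidate in ("/portal", "https://google.com", "//evil.com",
                      "/\\evil.com", "https://evil.com@helpdesk.example.com/",
                      "javascript:alert(1)"):
        print(f"{candidate!r:45} safe={is_safe_redirect(candidate)}")
```

The validator resolves the candidate against the application's own base URL before checking the host, which is what makes a plain relative path acceptable while still catching protocol-relative and backslash forms; checking only that the string "starts with /" would miss both. The detector compares hosts rather than whole strings because a fixed server may still answer 302, just to its own login page, and that must not be reported as a finding.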
CVSS Scores
  • CVSS v3.1 (base score 6.1): AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: Required; Scope: Changed; Confidentiality: Low; Integrity: Low; Availability: None
  • CVSS v3.1 (second assessment): AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
    Attack Vector: Local; Attack Complexity: Low; Privileges Required: Low; User Interaction: Required; Scope: Changed; Confidentiality: Low; Integrity: Low; Availability: None
  • CVSS v2: AV:N/AC:M/Au:N/C:P/I:P/A:N
    Attack Vector: Network; Attack Complexity: Medium; Authentication: None; Confidentiality: Partial; Integrity: Partial; Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-01-07 CVE Reserved
  • 2022-05-12 CVE Published
  • 2023-12-03 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
References (1)
  • https://www.gov.il/en/departments/faq/cve_advisories (Third Party Advisory)
Affected Vendors, Products, and Versions
Vendor   Product   Version      Other         Status
Sysaid   Sysaid    < 22.1.50    cloud         Affected
Sysaid   Sysaid    < 22.1.64    on-premises   Affected