CVE-2020-5541 - Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to redirect use

CVE-2020-5541

Summary

Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks via a specially crafted URL.

References

https://jvn.jp/en/jp/JVN46258789/
https://sup.cybersolutions.co.jp/otrs/customer.pl?Action=CustomerFAQZoom;ItemID=985
https://www.chtsecurity.com/news/cf5742f8-a676-43c2-a8b9-bff17f452823
https://gist.github.com/tonykuo76/ffdaa7bfabf2205dc5bac010eee38509

Vulnerable Configurations

cpe:2.3:a:cybersolutions:cybermail:7.0:*:*:*:*:*:*:*
cpe:2.3:a:cybersolutions:cybermail:7.0:*:*:*:*:*:*:*
cpe:2.3:a:cybersolutions:cybermail:6.0:*:*:*:*:*:*:*
cpe:2.3:a:cybersolutions:cybermail:6.0:*:*:*:*:*:*:*

CVSS

Base:	5.8 (as of 30-09-2022 - 03:25)
Impact:
Exploitability:

CWE

CWE-601

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:N

refmap via4

misc

https://gist.github.com/tonykuo76/ffdaa7bfabf2205dc5bac010eee38509
https://jvn.jp/en/jp/JVN46258789/
https://sup.cybersolutions.co.jp/otrs/customer.pl?Action=CustomerFAQZoom;ItemID=985
https://www.chtsecurity.com/news/cf5742f8-a676-43c2-a8b9-bff17f452823

Last major update

30-09-2022 - 03:25

Published

25-08-2020 - 03:15

Last modified

30-09-2022 - 03:25