CVE-2011-1826

Open redirect vulnerability in the Administrative Console in CA Arcot WebFort Versatile Authentication Server (VAS) before 6.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://osvdb.org/72125
http://secunia.com/advisories/44317	Vendor Advisory
http://www.securityfocus.com/archive/1/517702/100/0/threaded
http://www.securityfocus.com/bid/47588
http://www.securitytracker.com/id?1025444
http://www.vupen.com/english/advisories/2011/1114
https://exchange.xforce.ibmcloud.com/vulnerabilities/67105
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BA71F5839-D214-4719-B918-4476E4537998%7D

Configurations

Configuration 1 (hide)

cpe:2.3:a:ca:arcot_webfort_versatile_authentication_server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2011-05-05 13:22

Updated : 2024-02-04 17:54

NVD link : CVE-2011-1826

Mitre link : CVE-2011-1826

CVE.ORG link : CVE-2011-1826

JSON object : View

Products Affected

ca

arcot_webfort_versatile_authentication_server

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2011-1826", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-05-05T13:22:16.637", "references": [{"url": "http://osvdb.org/72125", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/44317", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/517702/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/47588", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1025444", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2011/1114", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67105", "source": "cve@mitre.org"}, {"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BA71F5839-D214-4719-B918-4476E4537998%7D", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Open redirect vulnerability in the Administrative Console in CA Arcot WebFort Versatile Authentication Server (VAS) before 6.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de redirecci\u00f3n abierta en Administrative Console en CA Arcot WebFort Versatile Authentication Server (VAS)anterioes a v6.2.5, permite a atacantes remotos redireccionar a usuarios a sitios web de su elecci\u00f3n y llevar a cabo ataques de phishing a trav\u00e9s de vectores no especificados."}], "lastModified": "2023-11-07T02:07:14.737", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ca:arcot_webfort_versatile_authentication_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50C51856-1D1E-47CB-BB38-1DA7C24D0784", "versionEndIncluding": "6.2.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}