ID CVE-2021-38123
Summary Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirect users to malicious websites after authentication.
References
Vulnerable Configurations
  • cpe:2.3:a:microfocus:network_automation:10.40:*:*:*:*:*:*:*
    cpe:2.3:a:microfocus:network_automation:10.40:*:*:*:*:*:*:*
  • cpe:2.3:a:microfocus:network_automation:10.50:*:*:*:*:*:*:*
    cpe:2.3:a:microfocus:network_automation:10.50:*:*:*:*:*:*:*
  • cpe:2.3:a:microfocus:network_automation:2018.05:*:*:*:*:*:*:*
    cpe:2.3:a:microfocus:network_automation:2018.05:*:*:*:*:*:*:*
  • cpe:2.3:a:microfocus:network_automation:2018.11:*:*:*:*:*:*:*
    cpe:2.3:a:microfocus:network_automation:2018.11:*:*:*:*:*:*:*
  • cpe:2.3:a:microfocus:network_automation:2019.05:*:*:*:*:*:*:*
    cpe:2.3:a:microfocus:network_automation:2019.05:*:*:*:*:*:*:*
  • cpe:2.3:a:microfocus:network_automation:2020.02:*:*:*:*:*:*:*
    cpe:2.3:a:microfocus:network_automation:2020.02:*:*:*:*:*:*:*
  • cpe:2.3:a:microfocus:network_automation:2020.08:*:*:*:*:*:*:*
    cpe:2.3:a:microfocus:network_automation:2020.08:*:*:*:*:*:*:*
  • cpe:2.3:a:microfocus:network_automation:2020.11:*:*:*:*:*:*:*
    cpe:2.3:a:microfocus:network_automation:2020.11:*:*:*:*:*:*:*
  • cpe:2.3:a:microfocus:network_automation:2021.05:*:*:*:*:*:*:*
    cpe:2.3:a:microfocus:network_automation:2021.05:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 14-09-2021 - 17:44)
Impact:
Exploitability:
CWE CWE-601
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
Last major update 14-09-2021 - 17:44
Published 07-09-2021 - 17:15
Last modified 14-09-2021 - 17:44
Back to Top