CVE-2021-20875

Published: Dic 24, 2021 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2021-8284 Aliases: GSD-2021-20875
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,1
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: changed
Confidentiality: low
Integrity: low
Availability: none
MEDIUM 5,8
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: none

Description

AI Translation Available

Open redirect vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks by having a user to access a specially crafted URL.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0024
Percentile
0,5th
Updated

EPSS Score Trend (Last 90 Days)

601

URL Redirection to Untrusted Site ('Open Redirect')

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control Confidentiality Other
Potential Impacts:
Bypass Protection Mechanism Gain Privileges Or Assume Identity Other
Applicable Platforms
Technologies: Web Based, Web Server
Likelihood of Exploit: Low
View CWE Details
Application

Groupsession by Groupsession

Product Information
Vendor Groupsession
Product Groupsession
Version Range Affected
To 5.1.1 (inclusive)
cpe:2.3:a:groupsession:groupsession:*:*:*:*:zion:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Groupsession by Groupsession

Product Information
Vendor Groupsession
Product Groupsession
Version Range Affected
To 5.1.1 (inclusive)
cpe:2.3:a:groupsession:groupsession:*:*:*:*:free:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Groupsession by Groupsession

Product Information
Vendor Groupsession
Product Groupsession
Version Range Affected
To 5.1.1 (inclusive)
cpe:2.3:a:groupsession:groupsession:*:*:*:*:cloud:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://groupsession.jp/info/info-news/security20211220
Vendor Advisory
https://groupsession.jp/info/info-news/security20211220
https://jvn.jp/en/jp/JVN79798166/index.html
Third Party Advisory
https://jvn.jp/en/jp/JVN79798166/index.html
https://groupsession.jp/info/info-news/security20211220
Vendor Advisory
https://groupsession.jp/info/info-news/security20211220
https://jvn.jp/en/jp/JVN79798166/index.html
Third Party Advisory
https://jvn.jp/en/jp/JVN79798166/index.html