Cisco Registered Envelope Service CVE-2017-3889 Open Redirection Vulnerability



Cisco Registered Envelope Service is prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input.

An attacker can leverage this issue to conduct phishing attacks; other attacks are possible.

This issue is being tracked by Cisco Bug ID CSCvc60123.

Information

Bugtraq ID: 97433
Class: Input Validation Error
CVE: CVE-2017-3889

Remote: Yes
Local: No
Published: Apr 05 2017 12:00AM
Credit: Jim Guma
Vulnerable: Cisco Registered Envelope Service 5.1.0-015


Not Vulnerable:

Exploit


An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.


Related Posts

Comments