mcafee web_gateway 指向未可信站点的url重定向(开放重定向)

CVE编号

CVE-2022-1254

利用情况

暂无

补丁情况

N/A

披露时间

2022-04-20
漏洞描述
A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates a HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy.
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
应用 mcafee web_gateway * From
(including)
10.0.0
Up to
(excluding)
10.2.9
运行在以下环境
应用 mcafee web_gateway * From
(including)
11.0.0
Up to
(excluding)
11.1.3
运行在以下环境
应用 mcafee web_gateway * From
(including)
7.0.0
Up to
(excluding)
7.8.2.31
运行在以下环境
应用 mcafee web_gateway * From
(including)
8.0.0
Up to
(excluding)
8.2.27
运行在以下环境
应用 mcafee web_gateway * From
(including)
9.0.0
Up to
(excluding)
9.2.20
CVSS3评分
6.1
  • 攻击路径
    网络
  • 攻击复杂度
  • 权限要求
  • 影响范围
    已更改
  • 用户交互
    需要
  • 可用性
  • 保密性
  • 完整性
CWE-ID 漏洞类型
CWE-601 指向未可信站点的URL重定向(开放重定向)
阿里云安全产品覆盖情况