CVE-2023-38574

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Sep 5, 2023

Updated: Sep 11, 2023

CWE ID 601

Summary

CVE-2023-38574 is a newly identified open redirect vulnerability affecting the VI Web Client before version 7.9.6. An unauthenticated attacker can exploit this issue by crafting a malicious URL and redirecting unsuspecting users to arbitrary websites. This can lead to phishing attacks, where users unknowingly divulge sensitive information to the attacker. The vulnerability poses a significant risk, particularly in enterprise environments where users may be directed to fraudulent login pages. It is recommended that users upgrade to the latest version of VI Web Client to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sc14BV
https://www.cve.org/CVERecord?id=CVE-2023-38574
https://nvd.nist.gov/vuln/detail/CVE-2023-38574

Back to Vulnerability Database

CVE-2023-38574

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations