CVE-2024-47530

Summary

CVE-2024-47530 is an open redirect vulnerability affecting multiple products associated with the Scout web-based visualizer for VCF files. This flaw, resulting from a lack of input sanitization on the /login API endpoint, enables attackers to redirect users to malicious websites, potentially facilitating phishing attacks. Additionally, the vulnerability allows for HTTPS downgrade attacks due to insufficient scheme validation. Organizations are advised to remediate this issue by updating to version 4.89, which addresses the identified vulnerabilities. The severity rating for this vulnerability is medium (CVSS base score: 5.4), with a moderate exploitability score of 2.8, necessitating user interaction for exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.