漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Open Redirection in Multiple WSO2 Products via Multi-Option Authentication Endpoint
Vulnerability Description
An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A malicious actor can craft a valid link that redirects users to an attacker-controlled site. By exploiting this vulnerability, an attacker may trick users into visiting a malicious page, enabling phishing attacks to harvest sensitive information or perform other harmful actions.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
WSO2多款产品 安全漏洞
Vulnerability Description
WSO2 API Manager等都是美国WSO2公司的产品。WSO2 API Manager是一套API生命周期管理解决方案。WSO2 Identity Server(IS)是一款身份认证服务器。WSO2 Identity Server as Key Manager是一个身份服务器。 WSO2多款产品存在安全漏洞,该漏洞源于多选项身份验证端点中URL验证不当,可能导致开放重定向攻击。以下产品受到影响:WSO2 API Manager、WSO2 Identity Server和WSO2 Identity
CVSS Information
N/A
Vulnerability Type
N/A