Description

A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0.

Remediation

References

CVE-2019-5433

Related Vulnerabilities

Oracle Database Server CVE-2019-2954 Vulnerability (CVE-2019-2954)

WordPress Plugin Email Subscribers & Newsletters Security Bypass (4.5.5)

TYPO3 Inadequate Encryption Strength Vulnerability (CVE-2010-3670)

MySQL CVE-2015-0423 Vulnerability (CVE-2015-0423)

MySQL CVE-2020-14786 Vulnerability (CVE-2020-14786)

Severity

Medium

Classification

CVE-2019-5433 CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities