CVE-2017-3889

MEDIUM

Cisco Registered Envelope Service - Open Redirect

Title source: llm

Description

A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page, aka an Open Redirect. This vulnerability affects the Cisco Registered Envelope cloud-based service. More Information: CSCvc60123. Known Affected Releases: 5.1.0-015.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97433

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-res

Scores

CVSS v3 6.1

EPSS 0.0027

EPSS Percentile 49.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-601 CWE-20

Status published

Affected Products (2)

cisco/registered_envelope_service

n/a/Cisco Registered Envelope Service < Cisco Registered Envelope Service

Timeline

Published Apr 07, 2017

Tracked Since Feb 18, 2026