CVE-2018-6324

MEDIUM

F-Secure Radar < 3.9.1 - Unvalidated Redirect via ReturnUrl Parameter

Title source: llm
STIX 2.1

Description

F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redirect via the ReturnUrl parameter that triggers upon a user login.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103208

Scores

CVSS v3 6.1
EPSS 0.0099
EPSS Percentile 57.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-601
Status published
Products (1)
f-secure/radar < 3.9.1
Published Feb 16, 2018
Tracked Since Feb 18, 2026