CVE-2019-14912

MEDIUM

PRiSE adAS 1.7.0 - Open Redirect via OPENSSO Goto Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-14912. PoCs published by Wocanilo.

AI-analyzed exploit summary: This PoC exploits an open redirect vulnerability in the OPENSSO module of adAS by spoofing DNS responses and capturing session cookies via HTTP redirection. It demonstrates the attack by intercepting authentication flows and redirecting users to an attacker-controlled URL.

Description

An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie.

Exploits (1)

nomisec WORKING POC
by Wocanilo · poc
https://github.com/Wocanilo/adaPwn


Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: adAS OPENSSO module
No auth needed
Prerequisites: Network access to the target · Ability to intercept DNS queries · Victim interaction required
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
Vendor Advisory x_refsource_misc
http://www.adas-sso.com/es/extra/download.php

Scores

CVSS v3 6.1
EPSS 0.0063
EPSS Percentile 70.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-601
Status published
Products (1)
prise/adas 1.7.0
Published Sep 20, 2019
Tracked Since Feb 18, 2026