Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-1254

A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates a HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy.

Published

2022-04-20T13:15:07.507

Last Modified

2024-11-21T06:40:21.033

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-601
Type: Primary
CWE-601

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mcafee	web_gateway	< 7.8.2.31	Yes
Application	mcafee	web_gateway	< 8.2.27	Yes
Application	mcafee	web_gateway	< 9.2.20	Yes
Application	mcafee	web_gateway	< 10.2.9	Yes
Application	mcafee	web_gateway	< 11.1.3	Yes

References

https://kc.mcafee.com/corporate/index?page=content&id=SB10381 Broken Link, Vendor Advisory ([email protected])
https://kc.mcafee.com/corporate/index?page=content&id=SB10381 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)