Vulnerability Description
A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Revive-Adserver | Revive Adserver | < 4.2.0 |
Related Weaknesses (CWE)
References
- https://hackerone.com/reports/390663ExploitThird Party Advisory
- https://www.revive-adserver.com/security/revive-sa-2019-001/PatchVendor Advisory
- https://hackerone.com/reports/390663ExploitThird Party Advisory
- https://www.revive-adserver.com/security/revive-sa-2019-001/PatchVendor Advisory
FAQ
What is CVE-2019-5433?
CVE-2019-5433 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) d...
How severe is CVE-2019-5433?
CVE-2019-5433 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-5433?
Check the references section above for vendor advisories and patch information. Affected products include: Revive-Adserver Revive Adserver.