CVE-2020-10775 — MEDIUM (5.3)

Q: How severe is CVE-2020-10775?

CVE-2020-10775 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-10775?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Virtualization, Redhat Ovirt-Engine.

Vulnerability Description

An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Oracle	Virtualization	4.0
Redhat	Ovirt-Engine	<= 4.4

Related Weaknesses (CWE)

CWE-451 CWE-601

References

https://bugzilla.redhat.com/show_bug.cgi?id=1847420Issue TrackingVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1847420Issue TrackingVendor Advisory

FAQ

What is CVE-2020-10775?

CVE-2020-10775 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the targ...

How severe is CVE-2020-10775?

CVE-2020-10775 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-10775?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Virtualization, Redhat Ovirt-Engine.