CVE-2016-6636

MEDIUM Year: 2016
CVSS v3 Score
5.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-601
View all →

Vulnerability Description

The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain.

Related Vulnerabilities

CVE-2020-4849

MEDIUM
CVSS:5.3(Medium)

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix 7 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vuln...

CWE-6012020

CVE-2021-3647

MEDIUM
CVSS:5.3(Medium)

URI.js is vulnerable to URL Redirection to Untrusted Site

CWE-6012021

CVE-2021-3664

MEDIUM
CVSS:5.3(Medium)

url-parse is vulnerable to URL Redirection to Untrusted Site

CWE-6012021

CVE-2022-0122

MEDIUM
CVSS:5.3(Medium)

forge is vulnerable to URL Redirection to Untrusted Site

CWE-6012022

CVE-2022-44560

MEDIUM
CVSS:5.3(Medium)

The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified.

CWE-6012022

CVE-2023-50456

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Zammad before 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name.

CWE-6012023