Details of VAR-202204-0819

ID

VAR-202204-0819

CVE

CVE-2022-1254

TITLE

McAfee's McAfee Web Gateway Open Redirect Vulnerability in Software

Trust: 0.8

sources: JVNDB: JVNDB-2022-008714

DESCRIPTION

A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates a HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy. McAfee's McAfee Web Gateway The software contains an open redirect vulnerability.Information may be obtained and information may be tampered with

Trust: 1.8

sources: NVD: CVE-2022-1254 // JVNDB: JVNDB-2022-008714 // VULHUB: VHN-419367 // VULMON: CVE-2022-1254

AFFECTED PRODUCTS

vendor:	mcafee	model:	web gateway	scope:	lt	version:	8.2.27	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	lt	version:	9.2.20	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	gte	version:	9.0.0	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	lt	version:	10.2.9	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	gte	version:	10.0.0	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	lt	version:	7.8.2.31	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	gte	version:	11.0.0	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	lt	version:	11.1.3	Trust: 1.0
vendor:	マカフィー	model:	mcafee web gateway ソフトウェア	scope:	eq	version:	mcafee web gateway software 7.0.0 that's all 7.8.2.31	Trust: 0.8
vendor:	マカフィー	model:	mcafee web gateway ソフトウェア	scope:	eq	version:	mcafee web gateway software 10.0.0 that's all 10.2.9	Trust: 0.8
vendor:	マカフィー	model:	mcafee web gateway ソフトウェア	scope:	eq	version:	mcafee web gateway software 11.0.0 that's all 11.1.3	Trust: 0.8
vendor:	マカフィー	model:	mcafee web gateway ソフトウェア	scope:	-	version:	-	Trust: 0.8
vendor:	マカフィー	model:	mcafee web gateway ソフトウェア	scope:	eq	version:	mcafee web gateway software 8.0.0 that's all 8.2.27	Trust: 0.8
vendor:	マカフィー	model:	mcafee web gateway ソフトウェア	scope:	eq	version:	-	Trust: 0.8
vendor:	マカフィー	model:	mcafee web gateway ソフトウェア	scope:	eq	version:	mcafee web gateway software 9.0.0 that's all 9.2.20	Trust: 0.8

sources: JVNDB: JVNDB-2022-008714 // NVD: CVE-2022-1254

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-1254
value:	MEDIUM
Trust: 1.0
trellixpsirt@trellix.com:	CVE-2022-1254
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-1254
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202204-3887
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-419367
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-1254
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-1254
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-419367
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-1254
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 2.0
NVD:	CVE-2022-1254
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-419367 // VULMON: CVE-2022-1254 // JVNDB: JVNDB-2022-008714 // CNNVD: CNNVD-202204-3887 // NVD: CVE-2022-1254 // NVD: CVE-2022-1254

PROBLEMTYPE DATA

problemtype:	CWE-601	Trust: 1.1
problemtype:	Open redirect (CWE-601) [ others ]	Trust: 0.8

sources: VULHUB: VHN-419367 // JVNDB: JVNDB-2022-008714 // NVD: CVE-2022-1254

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-3887

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202204-3887

PATCH

title:

McAfee Skyhigh Secure Web Gateway Enter the fix for the verification error vulnerability

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190405

Trust: 0.6

sources: CNNVD: CNNVD-202204-3887

EXTERNAL IDS

db:	NVD	id:	CVE-2022-1254	Trust: 3.4
db:	MCAFEE	id:	SB10381	Trust: 2.6
db:	JVNDB	id:	JVNDB-2022-008714	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.1791	Trust: 0.6
db:	CS-HELP	id:	SB2022042136	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-3887	Trust: 0.6
db:	VULHUB	id:	VHN-419367	Trust: 0.1
db:	VULMON	id:	CVE-2022-1254	Trust: 0.1

sources: VULHUB: VHN-419367 // VULMON: CVE-2022-1254 // JVNDB: JVNDB-2022-008714 // CNNVD: CNNVD-202204-3887 // NVD: CVE-2022-1254

REFERENCES

url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10381	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1254	Trust: 0.8
url:	https://vigilance.fr/vulnerability/skyhigh-secure-web-gateway-open-redirect-38112	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-1254/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1791	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042136	Trust: 0.6
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10381	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/601.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-419367 // VULMON: CVE-2022-1254 // JVNDB: JVNDB-2022-008714 // CNNVD: CNNVD-202204-3887 // NVD: CVE-2022-1254

SOURCES

db:	VULHUB	id:	VHN-419367
db:	VULMON	id:	CVE-2022-1254
db:	JVNDB	id:	JVNDB-2022-008714
db:	CNNVD	id:	CNNVD-202204-3887
db:	NVD	id:	CVE-2022-1254

LAST UPDATE DATE

2024-11-23T22:20:32.031000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-419367	date:	2022-04-29T00:00:00
db:	VULMON	id:	CVE-2022-1254	date:	2022-04-29T00:00:00
db:	JVNDB	id:	JVNDB-2022-008714	date:	2023-07-28T08:06:00
db:	CNNVD	id:	CNNVD-202204-3887	date:	2022-05-05T00:00:00
db:	NVD	id:	CVE-2022-1254	date:	2024-11-21T06:40:21.033

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-419367	date:	2022-04-20T00:00:00
db:	VULMON	id:	CVE-2022-1254	date:	2022-04-20T00:00:00
db:	JVNDB	id:	JVNDB-2022-008714	date:	2023-07-28T00:00:00
db:	CNNVD	id:	CNNVD-202204-3887	date:	2022-04-20T00:00:00
db:	NVD	id:	CVE-2022-1254	date:	2022-04-20T13:15:07.507