Vulnerability Name: | CVE-2021-21338 (CCN-198276) |
Assigned: | 2020-03-16 |
Published: | 2020-03-16 |
Updated: | 2021-03-26 |
Summary: | TYPO3 is an open source PHP-based web content management system. In TYPO3 versions before 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14 and 11.1.1, login handling is susceptible to open redirection, which allows attackers to redirect users to arbitrary content and conduct phishing attacks. No authentication is required to exploit this vulnerability. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14 and 11.1.1. |
CVSS v3 Severity: | 6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)
4.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C) |
CVSS v2 Severity: | 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N) |
Vulnerability Type: | CWE-601 |
Vulnerability Consequences: | Gain Access |
References: | Source: MITRE Type: CNA CVE-2021-21338
Source: XF Type: UNKNOWN typo3-cve202121338-open-redirect(198276)
Source: CONFIRM Type: Third Party Advisory https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp
Source: MISC Type: Release Notes, Third Party Advisory https://packagist.org/packages/typo3/cms-core
Source: CCN Type: TYPO3-CORE-SA-2021-001 Open Redirection in Login Handling
Source: MISC Type: Vendor Advisory https://typo3.org/security/advisory/typo3-core-sa-2021-001
Source: CCN Type: WhiteSource Vulnerability Database CVE-2021-21338 |
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: |