CVE-2019-19613
low-risk
Published 2020-03-16
An issue was discovered in Halvotec RaQuest 10.23.10801.0. The login page of the admin application is vulnerable to an Open Redirect attack allowing an attacker to redirect a user to a malicious site after authentication. The attacker needs to be on the same network to modify the victim's request on the wire. Fixed in Release 24.2020.20608.0
Do I need to act?
-
0.20% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.2/10
Medium
ADJACENT_NETWORK
/ LOW complexity
Affected Products (1)
Raquest
Affected Vendors
References (6)
Third Party Advisory
https://excellium-services.com/cert-xlm-advisory/
Third Party Advisory
https://excellium-services.com/cert-xlm-advisory/cve-2019-19613/
Third Party Advisory
https://excellium-services.com/cert-xlm-advisory/
Third Party Advisory
https://excellium-services.com/cert-xlm-advisory/cve-2019-19613/
24
/ 100
low-risk
Severity
18/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal