What the vulnerability does

01Description

UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. A malicious user can exploit the open redirect vulnerability by social engineering leading to take over of victims’ accounts in certain cases along with redirection of UAA users to a malicious sites.

Key dates

02Disclosure timeline

August 11, 2021 CVE published
August 3, 2024 Record updated