CVE-2020-28150
Published: 09 March 2021
Summary
CVE-2020-28150 is a medium-severity Open Redirect (CWE-601) vulnerability in Inetsoftware I-Net Clear Reports. Its CVSS base score is 6.1 (Medium).
Operationally, ranked at the 43.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-20636
Vulnerability details
I-Net Software Clear Reports 20.10.136 web application accepts a user-controlled input that specifies a link to an external site, and uses the user supplied data in a Redirect.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.