CVE-2020-36912
Published: 06 January 2026
Summary
CVE-2020-36912 is a medium-severity Open Redirect (CWE-601) vulnerability in Ibmcloud (inferred from references). Its CVSS base score is 5.1 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Spearphishing Link (T1566.002). The CVE ranks at the 29.1th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-4 (Information Flow Enforcement).
Deeper analysis
CVE-2020-36912 is an open redirect vulnerability in Plexus Anblick Digital Signage Management version 3.1.13. The flaw exists in the 'PantallaLogin' script, where improper input validation of the 'pagina' GET parameter enables attackers to manipulate redirects. This issue corresponds to CWE-601 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity.
Remote attackers require no privileges or authentication to exploit this vulnerability. They can craft malicious links embedding the manipulated 'pagina' parameter, tricking users into redirection to arbitrary attacker-controlled websites. Potential outcomes include phishing, credential theft, or delivery of malicious content, leveraging the high impacts on confidentiality, integrity, and availability.
Advisories detailing the vulnerability are available from IBM X-Force Exchange (https://exchange.xforce.ibmcloud.com/vulnerabilities/185521), Packet Storm Security (https://packetstormsecurity.com/files/158473), VulnCheck (https://www.vulncheck.com/advisories/plexus-anblick-digital-signage-management-open-redirect-via-pagina-parameter), and Zero Science Lab (https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5573.php). The vendor's site is at https://www.plexus.es/. No specific patch or mitigation guidance is provided in the referenced descriptions.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-1025
Vulnerability details
Plexus anblick Digital Signage Management 3.1.13 contains an open redirect vulnerability in the 'PantallaLogin' script that allows attackers to manipulate the 'pagina' GET parameter. Attackers can craft malicious links that redirect users to arbitrary websites by exploiting improper input validation in the parameter.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Open redirect enables crafting of trusted-domain malicious links for spearphishing and user execution leading to phishing/credential theft/malicious content delivery.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the improper input validation of the 'pagina' GET parameter that allows manipulation for open redirects to arbitrary malicious sites.
Enforces information flow control policies to restrict redirects only to approved domains, preventing unauthorized external redirects.
Filters output such as the redirect Location header generated from the 'pagina' parameter to block malicious URLs.
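One way to apply the input-validation and flow-enforcement controls above to the 'pagina' parameter, shown as an added example that is not vendor or advisory code. The function name, the allowlisted host and the fallback path are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the fallback page and the allowlisted host
# are constructed values, not taken from the product.
DEFAULT_PAGE = "/"
ALLOWED_HOSTS = frozenset({"signage.example.internal"})


def safe_redirect_target(pagina, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_PAGE):
    """Return `pagina` if it is a same-site path or an allowlisted HTTPS URL,
    otherwise return `default`."""
    if not pagina:
        return default
    # Browsers treat "\" like "/" and drop tabs/newlines inside URLs, so a
    # value that looks local can still leave the site. Reject such input
    # outright (spaces and control characters included) instead of normalising.
    if "\\" in pagina or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in pagina):
        return default
    try:
        parts = urlsplit(pagina)
    except ValueError:  # e.g. malformed IPv6 literal in the host
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a path rooted at a single "/".
        # "///host" parses with an empty netloc and is rejected here.
        if pagina.startswith("/") and not pagina.startswith("//"):
            return pagina
        return default
    # Anything with a scheme or a host ("//host" included): https only,
    # no userinfo, host on the allowlist. "https:host" has no netloc, so
    # its hostname is None and it fails the allowlist check.
    if (parts.scheme == "https" and "@" not in parts.netloc
            and parts.hostname in allowed_hosts):
        return pagina
    return default
```

The redirect handler would pass the raw 'pagina' value through this function and use only the returned value in the Location header.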