CVE-2022-22797

CVE-2022-22797 is a medium-severity vulnerability in Sysaid with a CVSS 3.x base score of 4.6. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-601.

Key facts

Description

Sysaid – sysaid Open Redirect - An Attacker can change the redirect link at the parameter "redirectURL" from"GET" request from the url location: /CommunitySSORedirect.jsp?redirectURL=https://google.com. Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

Frequently asked questions

What is CVE-2022-22797?
Sysaid – sysaid Open Redirect - An Attacker can change the redirect link at the parameter "redirectURL" from"GET" request from the url location: /CommunitySSORedirect.jsp?redirectURL=https://google.com. Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
How severe is CVE-2022-22797?
CVE-2022-22797 has a CVSS 3.x base score of 4.6, rated medium severity. It is exploitable over local access with low attack complexity, requires low privileges and user interaction. Impact on confidentiality is low, integrity low, and availability none.
Is CVE-2022-22797 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (38th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2022-22797?
CVE-2022-22797 primarily affects Sysaid. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
How do I fix CVE-2022-22797?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2022-22797 published?
CVE-2022-22797 was published on 2022-05-12 and last updated on 2026-06-17.

References

Affected products (2)

More vulnerabilities in Sysaid

All CVEs affecting Sysaid →

Other CWE-601 (Open Redirect) vulnerabilities

Browse all CWE-601 (Open Redirect) vulnerabilities →