What is the CVSS score of EUVD-2024-17193?

EUVD-2024-17193 has a CVSS 3.1 base score of 5.4 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Open Redirect are affected by EUVD-2024-17193?

CVE-2024-1440 presents moderate security risk rated CVSS 5.4. Exploitation could compromise the security of affected deployments.. A patch is available.

How to fix or mitigate EUVD-2024-17193?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Open Redirect EUVD-2024-17193

| CVE-2024-1440 MEDIUM

URL Redirection to Untrusted Site (Open Redirect) (CWE-601)

2025-06-02 ed10eef1-636d-4fbe-9993-6890dfa878f8

GHSA-cp5v-2hmc-3vjx

Open Redirect Identity Server Identity Server As Key Manager Api Manager

5.4

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

5.4 MEDIUM

AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 14, 2026 - 16:47 euvd

EUVD-2024-17193

Analysis Generated

Mar 14, 2026 - 16:47 vuln.today

CVE Published

Jun 02, 2025 - 17:15 nvd

MEDIUM 5.4

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

1 maven packages depend on org.wso2.carbon.identity.framework:org.wso2.carbon.identity.application.authentication.endpoint.util (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 6.0.0.

DescriptionCVE.org

An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A malicious actor can craft a valid link that redirects users to an attacker-controlled site.

By exploiting this vulnerability, an attacker may trick users into visiting a malicious page, enabling phishing attacks to harvest sensitive information or perform other harmful actions.

Analysis

By exploiting this vulnerability, an attacker may trick users into visiting a malicious page, enabling phishing attacks to harvest sensitive information or perform other harmful actions.

Technical ContextAI

An open redirect vulnerability allows attackers to redirect users from a trusted domain to an arbitrary external URL through manipulation of redirect parameters. This vulnerability is classified as URL Redirection to Untrusted Site (Open Redirect) (CWE-601).

RemediationAI

Validate redirect URLs against a whitelist of allowed destinations. Use relative URLs for redirects. Warn users before redirecting to external sites.

More from same product – last 7 days

CVE-2026-53523 MEDIUM This Month

6.8 Jun 12

Host header injection in Nezha Monitoring versions 1.0.0 through 2.2.0 allows unauthenticated remote attackers to redire

CVE-2026-50089 MEDIUM This Month

6.1 Jun 12

Open redirect in the Aqara IAM/SSO Gateway (gw-builder.aqara.com) allows remote unauthenticated attackers to craft Aqara

CVE-2026-9679 MEDIUM This Month

5.9 Jun 17

HTTP response header injection in undici's cookie parser exposes proxy, middleware, and SSR framework applications to se

CVE-2026-10837 MEDIUM This Month

5.1 Jun 17

Open redirection in Password Manager exposes users to phishing attacks by failing to validate the X-Forwarded-Host HTTP

CVE-2026-10839 MEDIUM This Month