CVE-2024-47530 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-47530 Interim 1 12 2025-08-06T00:09:36Z current 2024-12-14T00:21:25Z 2025-08-06T00:09:36Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-47530 Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lack of scheme validation, HTTPS Downgrade Attack can be performed on the users. This vulnerability is fixed in 4.89. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2025-January/020079.html E-Mail link for SUSE-SU-2025:0055-1 https://lists.suse.com/pipermail/sle-security-updates/2025-January/020091.html E-Mail link for SUSE-SU-2025:0063-1 https://lists.suse.com/pipermail/sle-security-updates/2025-January/020090.html E-Mail link for SUSE-SU-2025:0064-1 https://lists.suse.com/pipermail/sle-security-updates/2025-January/020097.html E-Mail link for SUSE-SU-2025:0067-1 https://lists.suse.com/pipermail/sle-updates/2025-June/040414.html E-Mail link for SUSE-SU-2025:02055-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GZDF3P2GSSY47IWYHI5OBEEMZAKWSY3E/ E-Mail link for openSUSE-SU-2024:14578-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SLES-LTSS-TERADATA 15 SP2 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Server 11 SP4 LTSS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server Teradata 12 SP3 SUSE Linux Enterprise Server Teradata 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.6 openSUSE Tumbleweed command-not-found gstreamer-plugins-good-1.24.0-150600.3.3.1 gstreamer-plugins-good-1.24.10-2.1 gstreamer-plugins-good-32bit-1.24.10-2.1 gstreamer-plugins-good-extra-1.24.10-2.1 gstreamer-plugins-good-extra-32bit-1.24.10-2.1 gstreamer-plugins-good-gtk-1.24.10-2.1 gstreamer-plugins-good-jack-1.24.10-2.1 gstreamer-plugins-good-jack-32bit-1.24.10-2.1 gstreamer-plugins-good-lang-1.24.0-150600.3.3.1 gstreamer-plugins-good-lang-1.24.10-2.1 gstreamer-plugins-good-qtqml-1.24.10-2.1 gstreamer-plugins-good-qtqml6-1.24.10-2.1 scout scout-command-not-found gstreamer-plugins-good-1.24.0-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 gstreamer-plugins-good-lang-1.24.0-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 gstreamer-plugins-good-1.24.10-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-32bit-1.24.10-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-extra-1.24.10-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-extra-32bit-1.24.10-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-gtk-1.24.10-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-jack-1.24.10-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-jack-32bit-1.24.10-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-lang-1.24.10-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-qtqml-1.24.10-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-qtqml6-1.24.10-2.1 as a component of openSUSE Tumbleweed scout as a component of SLES-LTSS-TERADATA 15 SP2 command-not-found as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS scout as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS command-not-found as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS scout as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS scout as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS scout-command-not-found as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS scout as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS scout-command-not-found as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS scout as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 scout-command-not-found as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 scout as a component of SUSE Linux Enterprise Server 11 SP4 LTSS command-not-found as a component of SUSE Linux Enterprise Server 12 SP2-LTSS scout as a component of SUSE Linux Enterprise Server 12 SP2-LTSS command-not-found as a component of SUSE Linux Enterprise Server 12 SP4-LTSS scout as a component of SUSE Linux Enterprise Server 12 SP4-LTSS command-not-found as a component of SUSE Linux Enterprise Server 12 SP5-LTSS scout as a component of SUSE Linux Enterprise Server 12 SP5-LTSS scout as a component of SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security command-not-found as a component of SUSE Linux Enterprise Server 15 SP1-LTSS scout as a component of SUSE Linux Enterprise Server 15 SP1-LTSS command-not-found as a component of SUSE Linux Enterprise Server 15 SP2-LTSS scout as a component of SUSE Linux Enterprise Server 15 SP2-LTSS command-not-found as a component of SUSE Linux Enterprise Server 15 SP3-LTSS scout as a component of SUSE Linux Enterprise Server 15 SP3-LTSS command-not-found as a component of SUSE Linux Enterprise Server 15 SP4-LTSS scout as a component of SUSE Linux Enterprise Server 15 SP4-LTSS scout as a component of SUSE Linux Enterprise Server 15 SP5-LTSS scout-command-not-found as a component of SUSE Linux Enterprise Server 15 SP5-LTSS command-not-found as a component of SUSE Linux Enterprise Server 15-LTSS scout as a component of SUSE Linux Enterprise Server 15-LTSS scout as a component of SUSE Linux Enterprise Server Teradata 12 SP3 scout as a component of SUSE Linux Enterprise Server Teradata 15 SP4 command-not-found as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 scout as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 command-not-found as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 scout as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 scout as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 scout-command-not-found as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 command-not-found as a component of SUSE Manager Proxy 4.3 scout as a component of SUSE Manager Proxy 4.3 command-not-found as a component of SUSE Manager Retail Branch Server 4.3 scout as a component of SUSE Manager Retail Branch Server 4.3 command-not-found as a component of SUSE Manager Server 4.3 scout as a component of SUSE Manager Server 4.3 scout as a component of openSUSE Leap 15.6 scout-command-not-found as a component of openSUSE Leap 15.6 Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lack of scheme validation, HTTPS Downgrade Attack can be performed on the users. This vulnerability is fixed in 4.89. CVE-2024-47530 SUSE Linux Enterprise Module for Basesystem 15 SP7:gstreamer-plugins-good-1.24.0-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:gstreamer-plugins-good-lang-1.24.0-150600.3.3.1 openSUSE Tumbleweed:gstreamer-plugins-good-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.24.10-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-qtqml6-1.24.10-2.1 SLES-LTSS-TERADATA 15 SP2:scout SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:command-not-found SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:scout SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:command-not-found SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:scout SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:scout SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:scout-command-not-found SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:scout SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:scout-command-not-found SUSE Linux Enterprise Module for Basesystem 15 SP6:scout SUSE Linux Enterprise Module for Basesystem 15 SP6:scout-command-not-found SUSE Linux Enterprise Server 11 SP4 LTSS:scout SUSE Linux Enterprise Server 12 SP2-LTSS:command-not-found SUSE Linux Enterprise Server 12 SP2-LTSS:scout SUSE Linux Enterprise Server 12 SP4-LTSS:command-not-found SUSE Linux Enterprise Server 12 SP4-LTSS:scout SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security:scout SUSE Linux Enterprise Server 12 SP5-LTSS:command-not-found SUSE Linux Enterprise Server 12 SP5-LTSS:scout SUSE Linux Enterprise Server 15 SP1-LTSS:command-not-found SUSE Linux Enterprise Server 15 SP1-LTSS:scout SUSE Linux Enterprise Server 15 SP2-LTSS:command-not-found SUSE Linux Enterprise Server 15 SP2-LTSS:scout SUSE Linux Enterprise Server 15 SP3-LTSS:command-not-found SUSE Linux Enterprise Server 15 SP3-LTSS:scout SUSE Linux Enterprise Server 15 SP4-LTSS:command-not-found SUSE Linux Enterprise Server 15 SP4-LTSS:scout SUSE Linux Enterprise Server 15 SP5-LTSS:scout SUSE Linux Enterprise Server 15 SP5-LTSS:scout-command-not-found SUSE Linux Enterprise Server 15-LTSS:command-not-found SUSE Linux Enterprise Server 15-LTSS:scout SUSE Linux Enterprise Server Teradata 12 SP3:scout SUSE Linux Enterprise Server Teradata 15 SP4:scout SUSE Linux Enterprise Server for SAP Applications 15 SP3:command-not-found SUSE Linux Enterprise Server for SAP Applications 15 SP3:scout SUSE Linux Enterprise Server for SAP Applications 15 SP4:command-not-found SUSE Linux Enterprise Server for SAP Applications 15 SP4:scout SUSE Linux Enterprise Server for SAP Applications 15 SP5:scout SUSE Linux Enterprise Server for SAP Applications 15 SP5:scout-command-not-found SUSE Manager Proxy 4.3:command-not-found SUSE Manager Proxy 4.3:scout SUSE Manager Retail Branch Server 4.3:command-not-found SUSE Manager Retail Branch Server 4.3:scout SUSE Manager Server 4.3:command-not-found SUSE Manager Server 4.3:scout openSUSE Leap 15.6:scout openSUSE Leap 15.6:scout-command-not-found moderate 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N