PatchSiren

CVE-2016-8376 Kabona Ab CVE debrief

CVE-2016-8376 is an open redirect / unvalidated forward issue in Kabona AB WebDatorCentral (WDC) prior to version 3.4.0. The weakness is classified as CWE-601 and was assigned a CVSS 3.0 score of 6.1 (medium). The key risk is not just redirection itself: the issue can be chained with authenticated vulnerabilities, increasing the impact of attacks that rely on user trust, session flow, or misleading navigation.

Vendor: Kabona Ab
Product: CVE-2016-8376
CVSS: MEDIUM 6.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-13
Original CVE updated: 2026-05-13
Advisory published: 2017-02-13
Advisory updated: 2026-05-13

Who should care

Administrators and security teams running Kabona AB WebDatorCentral, especially environments that expose authentication or workflow links to users. Any organization that uses WDC in internet-facing or user-facing contexts should review whether unvalidated redirect/forward behavior can be reached.

Technical summary

NVD describes a non-validated redirect/non-validated forward issue in Kabona AB WebDatorCentral affecting versions prior to 3.4.0. The NVD record maps the issue to CWE-601 and lists the CVSS 3.0 vector AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N, indicating network reachability, required user interaction, and high integrity impact in a changed scope scenario. The security concern is that an attacker can leverage the redirect/forward behavior as part of a chained attack, particularly against authenticated users or flows.

Defensive priority

Medium priority. The issue is publicly documented and can support chained attacks, but the available record does not indicate active exploitation or KEV inclusion. Prioritize if WDC is deployed in production, exposed to users, or used in login/session workflows.

Recommended defensive actions

  • Inventory Kabona AB WebDatorCentral deployments and identify any versions prior to 3.4.0.
  • Review all redirect and forward logic in WDC for destination validation and allow-list enforcement.
  • Update or replace affected WDC instances to a version not covered by the vulnerable CPE range.
  • Check authentication and post-authentication flows for any places where redirect parameters can influence navigation.
  • If immediate upgrading is not possible, reduce exposure by limiting access to affected interfaces and monitoring for suspicious redirect usage.
  • Validate that security controls and user education do not rely on redirect targets as a trust signal.
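
One way to carry out the monitoring step above, as an added example that is not part of the NVD record or of any Kabona code: a Python pass over web access logs that reports every query parameter whose value would send a browser to a host outside an allow-list. The allowed host, the log format, the /wdc/start path and the "view" parameter are assumptions made for illustration; the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: the only host WDC links should ever send a browser to at this site.
ALLOWED_HOSTS = {"wdc.example.internal"}

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
ABSOLUTE_RE = re.compile(r"^(?:[a-zA-Z][a-zA-Z0-9+.-]*:)?//")

# Constructed access-log lines; the path and the "view" parameter are hypothetical.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /wdc/start?view=/wdc/overview HTTP/1.1" 302 0',
    '10.0.0.6 - - [01/Jan/2024:10:00:05 +0000] "GET /wdc/start?view=https%3A%2F%2Fexample.net%2Fportal HTTP/1.1" 302 0',
    '10.0.0.7 - - [01/Jan/2024:10:00:09 +0000] "GET /wdc/start?view=%252F%252Fexample.org%252Fa HTTP/1.1" 302 0',
    '10.0.0.8 - - [01/Jan/2024:10:00:12 +0000] "GET /wdc/start?view=https://wdc.example.internal/home HTTP/1.1" 302 0',
]

def target_host(value):
    """Host a parameter value would navigate to, or None for a local path."""
    v = value.strip()
    for _ in range(3):  # undo nested percent-encoding
        decoded = unquote(v)
        if decoded == v:
            break
        v = decoded
    v = v.replace("\\", "/")  # browsers treat backslashes as slashes
    if not ABSOLUTE_RE.match(v):
        return None  # relative path: stays on the serving host
    try:
        return urlsplit(v).hostname
    except ValueError:
        return None

def scan(lines):
    """Return (line_number, parameter, host) for every off-site destination."""
    hits = []
    for number, line in enumerate(lines, start=1):
        request = REQUEST_RE.search(line)
        if not request:
            continue
        for name, value in parse_qsl(urlsplit(request.group(1)).query):
            host = target_host(value)
            if host and host not in ALLOWED_HOSTS:
                hits.append((number, name, host))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("off-site destination: line %d, parameter %r, host %s" % hit)
```

Because the scan checks every parameter rather than a named one, it does not depend on knowing which WDC parameter drives the redirect; expect some noise from parameters that legitimately carry external URLs.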

Evidence notes

This debrief is based only on the supplied official records and references. The NVD record for CVE-2016-8376 shows publishedAt 2017-02-13T21:59:01.313Z and modifiedAt 2026-05-13T00:24:29.033Z, identifies affected CPE criteria for Kabona AB WebDatorCentral prior to 3.4.0, and classifies the weakness as CWE-601. The description explicitly states that the open redirect can be chained with authenticated vulnerabilities. The supplied references include the NVD detail page, the CVE record, an ICS-CERT advisory, and a SecurityFocus BID entry.

Official resources

Publicly disclosed in the CVE record on 2017-02-13; the supplied NVD record was last modified on 2026-05-13. No KEV listing is indicated in the supplied data.