CVE-2014-2880
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.
Known Affected Software
1 configuration(s) from 1 vendor(s)
identity_manager
Version:
11.1.2.1.0
CPE:
cpe:2.3:a:oracle:identity_manager:11.1.2.1.0:*:*:*:*:*:*:*
This vulnerability affects 1 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://packetstormsecurity.com/files/125992/Oracle-Identity-Manager-11g-R2-SP1-Unvalidated-Redirect.htmlcve@mitre.org
-
http://www.exploit-db.com/exploits/32670cve@mitre.org
-
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlcve@mitre.org
-
http://www.osvdb.org/105384cve@mitre.org
-
http://www.securityfocus.com/bid/66615cve@mitre.org
-
http://packetstormsecurity.com/files/125992/Oracle-Identity-Manager-11g-R2-SP1-Unvalidated-Redirect.htmlaf854a3a-2127-422b-91ae-364da2661108
-
http://www.exploit-db.com/exploits/32670af854a3a-2127-422b-91ae-364da2661108
-
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlaf854a3a-2127-422b-91ae-364da2661108
-
http://www.osvdb.org/105384af854a3a-2127-422b-91ae-364da2661108
-
http://www.securityfocus.com/bid/66615af854a3a-2127-422b-91ae-364da2661108
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-20
Top 25 #14
Improper Input Validation
- Description
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- Exploit Likelihood
- High
- Typical Severity
- High
- Abstraction Level
- Class
Key Information
- Published Date
- April 17, 2014
