Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.
References
Configurations
History
21 Nov 2024, 02:07
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/125992/Oracle-Identity-Manager-11g-R2-SP1-Unvalidated-Redirect.html - | |
References | () http://www.exploit-db.com/exploits/32670 - | |
References | () http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html - | |
References | () http://www.osvdb.org/105384 - | |
References | () http://www.securityfocus.com/bid/66615 - |
Information
Published : 2014-04-17 14:55
Updated : 2024-11-21 02:07
NVD link : CVE-2014-2880
Mitre link : CVE-2014-2880
CVE.ORG link : CVE-2014-2880
JSON object : View
Products Affected
oracle
- identity_manager
CWE
CWE-20
Improper Input Validation