CVE-2024-25566

An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://backstage.forgerock.com/downloads/browse/am/featured	Product
https://backstage.forgerock.com/knowledge/advisories/article/a63463303	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:forgerock:access_management::::::::
	cpe:2.3:a:forgerock:access_management::::::::
	cpe:2.3:a:forgerock:access_management::::::::
	cpe:2.3:a:forgerock:access_management:7.3.0:::::::*
	cpe:2.3:a:forgerock:access_management:7.3.1:::::::*
	cpe:2.3:a:forgerock:access_management:7.4.0:::::::*
	cpe:2.3:a:forgerock:access_management:7.4.1:::::::*
	cpe:2.3:a:forgerock:access_management:7.5.0:::::::*

History

08 Nov 2024, 15:38

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.1
References	~~() https://backstage.forgerock.com/downloads/browse/am/featured -~~	() https://backstage.forgerock.com/downloads/browse/am/featured - Product
References	~~() https://backstage.forgerock.com/knowledge/advisories/article/a63463303 -~~	() https://backstage.forgerock.com/knowledge/advisories/article/a63463303 - Mitigation, Vendor Advisory
CPE		cpe:2.3:a:forgerock:access_management:7.3.0:::::::* cpe:2.3:a:forgerock:access_management:7.4.1:::::::* cpe:2.3:a:forgerock:access_management:7.5.0:::::::* cpe:2.3:a:forgerock:access_management:7.3.1:::::::* cpe:2.3:a:forgerock:access_management:7.4.0:::::::* cpe:2.3:a:forgerock:access_management::::::::
First Time		Forgerock access Management Forgerock

01 Nov 2024, 12:57

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de redireccionamiento abierto en PingAM, en la que las solicitudes bien manipuladas pueden provocar una validación incorrecta de las URL de redireccionamiento. Esto podría permitir que un atacante redirija a los usuarios finales a sitios maliciosos bajo su control, lo que simplifica los ataques de phishing.

29 Oct 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-29 16:15

Updated : 2024-11-08 15:38

NVD link : CVE-2024-25566

Mitre link : CVE-2024-25566

CVE.ORG link : CVE-2024-25566

JSON object : View

Products Affected

forgerock

access_management

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

6.1 /10