CVE-2024-7211

The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.
References
Configurations

Configuration 1

OR cpe:2.3:a:1e:platform:8.4.1.229:*:*:*:*:*:*:*
cpe:2.3:a:1e:platform:23.7.1.80:*:*:*:*:*:*:*
cpe:2.3:a:1e:platform:23.11.1.15:*:*:*:*:*:*:*
cpe:2.3:a:1e:platform:24.7:*:*:*:*:*:*:*

History

06 Sep 2024, 13:23

References
  Removed: () https://www.1e.com/trust-security-compliance/cve-info/ -
  Added: () https://www.1e.com/trust-security-compliance/cve-info/ - Vendor Advisory
CWE
  Added: CWE-601
First Time
  Added: 1e
         1e platform
CPE
  Added: cpe:2.3:a:1e:platform:23.11.1.15:*:*:*:*:*:*:*
         cpe:2.3:a:1e:platform:23.7.1.80:*:*:*:*:*:*:*
         cpe:2.3:a:1e:platform:8.4.1.229:*:*:*:*:*:*:*
         cpe:2.3:a:1e:platform:24.7:*:*:*:*:*:*:*
CVSS
  Removed: v2 : unknown
           v3 : 4.7
  Added: v2 : unknown
         v3 : 6.1

02 Aug 2024, 13:16

Summary
  Removed: (en) The 1E Platform’s Identity Server was impacted by an open redirect vulnerability, allowing an attacker to dictate the redirection path of an end user. Note: The Identity Server on 1E Platform has been updated with the patch that includes the fix.
  Added: (en) The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.

02 Aug 2024, 12:16

Summary
  Added: (es) The identity server used by 1E Platform could allow URL redirection to untrusted sites. Note: The identity server on the 1E platform was updated with the necessary patch.
Summary
  Removed: (en) The Identity Server used by 1E Platform could enable URL redirection to untrusted sites. Note: The Identity Server on 1E Platform has been updated with the necessary patch.
  Added: (en) The 1E Platform’s Identity Server was impacted by an open redirect vulnerability, allowing an attacker to dictate the redirection path of an end user. Note: The Identity Server on 1E Platform has been updated with the patch that includes the fix.

01 Aug 2024, 17:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-01 17:16

Updated : 2024-09-06 13:23


NVD link : CVE-2024-7211

Mitre link : CVE-2024-7211

CVE.ORG link : CVE-2024-7211



Products Affected

1e

  • platform
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')