Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.8
CVE Id: CVE-2014-2880
Last Modified: 17 Oct 2014 03:12:06
Published: 17 Apr 2014 10:55:12
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2014-2880

Summary

Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.

Vulnerable Systems

Application

  • Oracle Identity Manager 11.1.2.1.0


References

BID - 66615

OSVDB - 105384

EXPLOIT-DB - 32670

MISC - http://packetstormsecurity.com/files/125992/Oracle-Identity-Manager-11g-R2-SP1-Unvalidated-Redirect.html

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html


Last Updated: 27 May 2016 11:06:40