CVE-2014-2880

Currently unrated

Key Information:

Vendor: Oracle
Status: Identity Manager
Vendor: CVE Published:; 17 April 2014

Summary

Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.

References

http://www.exploit-db.com/exploits/32670

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/66615

vdb-entryx_refsource_BID

http://www.osvdb.org/105384

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Apr 17, 2014
Vulnerability Reserved
Apr 17, 2014