Main Vulnerability Database Exploits ID:3991 - Exploit for Input validation error in Identity Manager - CVE-2014-2880

ID:3991 - Exploit for Input validation error in Identity Manager - CVE-2014-2880

Published: August 11, 2020

Vulnerability identifier: #VU41790

Vulnerability risk: Medium

CVE-ID: CVE-2014-2880

CWE-ID: CWE-20

Exploitation vector: Remote access

Vulnerable software:
Identity Manager

Link to public exploit:

https://www.exploit-db.com/exploits/32670/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.

Remediation

Install update from vendor's website.

ID:3991 - Exploit for Input validation error in Identity Manager - CVE-2014-2880

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human