Main Vulnerability Database Vulnerabilities #VU41790

#VU41790 Input validation error in Identity Manager - CVE-2014-2880

Published: April 17, 2014 / Updated: August 11, 2020

Vulnerability identifier: #VU41790

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2014-2880

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Identity Manager

Software vendor:
Oracle

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.

Remediation

Install update from vendor's website.

#VU41790 Input validation error in Identity Manager - CVE-2014-2880

Description

Remediation

External links

Please verify you're human