Main Vulnerability Database Vulnerabilities #VU41790

Input validation error in Identity Manager - CVE-2014-2880

Published: April 17, 2014 / Updated: August 11, 2020

Vulnerability identifier: #VU41790

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2014-2880

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: Oracle

Affected software:
Identity Manager

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.

How to mitigate CVE-2014-2880

Install update from vendor's website.

Input validation error in Identity Manager - CVE-2014-2880

Detailed vulnerability description

How to mitigate CVE-2014-2880

Sources

Please verify you're human