Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-04-17T14:00:00
Updated: 2024-08-06T10:28:46.184Z
Reserved: 2014-04-17T00:00:00
Link: CVE-2014-2880
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-04-17T14:55:12.357
Modified: 2014-10-17T07:12:06.430
Link: CVE-2014-2880
Redhat
No data.