{"containers": {"cna": {"affected": [{"product": "JBoss KeyCloak", "vendor": "JBoss KeyCloak", "versions": [{"status": "affected", "version": "through 2014-09-19"}]}], "descriptions": [{"lang": "en", "value": "JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL."}], "problemTypes": [{"descriptions": [{"description": "Open redirect vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-15T21:16:12", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3652"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/cve-2014-3652"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:50:18.310Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3652"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/cve-2014-3652"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3652", "datePublished": "2019-12-15T21:16:12", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:18.310Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:keycloak:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "49C5FA72-6837-4067-B9BB-F1D0A0F37936", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL."}, {"lang": "es", "value": "JBoss KeyCloak: una vulnerabilidad de redireccionamiento abierto por falta de comprobaci\u00f3n de la URL de redireccionamiento."}], "id": "CVE-2014-3652", "lastModified": "2019-12-19T13:47:17.047", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-15T22:15:11.683", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/cve-2014-3652"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3652"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).", "bugzilla": {"description": "KeyCloak: Open redirect vulnerability", "id": "1144281", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144281"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "status": "draft"}, "cwe": "CWE-601", "details": ["JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.", "It was identified that the login redirect implementation provided by JBoss KeyCloak did not validate the redirect URL. This flaw could be used by a remote attacker to conduct phishing attacks by redirecting users to arbitary websites."], "name": "CVE-2014-3652", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Not affected", "package_name": "mobile", "product_name": "Red Hat JBoss Enterprise Web Server 1"}], "public_date": "2014-10-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3652\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3652"], "statement": "This issue does not affect any supported Red Hat products.", "threat_severity": "Low"}