Open redirect

2014-04-1714:55:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

Low

0.03 Low

EPSS

Percentile

91.0%

JSON

Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.

CPENameOperatorVersion
identity_managereq11.1.2.1.0

CPE	Name	Operator	Version
	identity_manager	eq	11.1.2.1.0

References

packetstormsecurity.com/files/125992/Oracle-Identity-Manager-11g-R2-SP1-Unvalidated-Redirect.html

www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

www.osvdb.org/105384

www.securityfocus.com/bid/66615

www.exploit-db.com/exploits/32670