CVE-2010-2337

Open redirect vulnerability in RSA Federated Identity Manager 4.0 before 4.0.25 and 4.1 before 4.1.26 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors.

CVSS v2.0 6.0 MEDIUM

6.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 6.8 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2010-07/0187.html
http://osvdb.org/66504
http://secunia.com/advisories/40704	Vendor Advisory
http://www.securityfocus.com/bid/41850
http://www.securitytracker.com/id?1024239
http://www.vupen.com/english/advisories/2010/1880	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/60564
https://knowledge.rsasecurity.com/scolcms/set.aspx?id=8692

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rsa:federated_identity_manager:4.0:::::::*
	cpe:2.3:a:rsa:federated_identity_manager:4.1:::::::*

History

No history.

Information

Published : 2010-07-28 12:48

Updated : 2024-02-04 17:54

NVD link : CVE-2010-2337

Mitre link : CVE-2010-2337

CVE.ORG link : CVE-2010-2337

JSON object : View

Products Affected

rsa

federated_identity_manager

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2010-2337", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-07-28T12:48:52.543", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2010-07/0187.html", "source": "security_alert@emc.com"}, {"url": "http://osvdb.org/66504", "source": "security_alert@emc.com"}, {"url": "http://secunia.com/advisories/40704", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/bid/41850", "source": "security_alert@emc.com"}, {"url": "http://www.securitytracker.com/id?1024239", "source": "security_alert@emc.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1880", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60564", "source": "security_alert@emc.com"}, {"url": "https://knowledge.rsasecurity.com/scolcms/set.aspx?id=8692", "source": "security_alert@emc.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Open redirect vulnerability in RSA Federated Identity Manager 4.0 before 4.0.25 and 4.1 before 4.1.26 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad de redirecci\u00f3n involuntaria en RSA Federated Identity Manager v4.0 anterior a v4.0.25 y v4.1 anterior a v4.1.26 permite a atacantes remotos redireccionar a los usuarios a sitios Web de su elecci\u00f3n y llevar a cabo ataques de phishing mediante vectores desconocidos."}], "lastModified": "2017-08-17T01:32:41.820", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rsa:federated_identity_manager:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADC82DF4-53B5-4308-A68F-C2877960DEA0"}, {"criteria": "cpe:2.3:a:rsa:federated_identity_manager:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEF60540-D484-43AB-B0CA-728B1FCB7E13"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}