CVE-2024-25566

An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:*
cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:*
cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:*
cpe:2.3:a:forgerock:access_management:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:forgerock:access_management:7.3.1:*:*:*:*:*:*:*
cpe:2.3:a:forgerock:access_management:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:forgerock:access_management:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:forgerock:access_management:7.5.0:*:*:*:*:*:*:*

History

08 Nov 2024, 15:38

Type Values Removed Values Added
CPE cpe:2.3:a:forgerock:access_management:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:*
cpe:2.3:a:forgerock:access_management:7.5.0:*:*:*:*:*:*:*
cpe:2.3:a:forgerock:access_management:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:forgerock:access_management:7.3.1:*:*:*:*:*:*:*
cpe:2.3:a:forgerock:access_management:7.4.1:*:*:*:*:*:*:*
First Time Forgerock
Forgerock access Management
References () https://backstage.forgerock.com/downloads/browse/am/featured - () https://backstage.forgerock.com/downloads/browse/am/featured - Product
References () https://backstage.forgerock.com/knowledge/advisories/article/a63463303 - () https://backstage.forgerock.com/knowledge/advisories/article/a63463303 - Mitigation, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1

01 Nov 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de redireccionamiento abierto en PingAM, en la que las solicitudes bien manipuladas pueden provocar una validación incorrecta de las URL de redireccionamiento. Esto podría permitir que un atacante redirija a los usuarios finales a sitios maliciosos bajo su control, lo que simplifica los ataques de phishing.

29 Oct 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-29 16:15

Updated : 2024-11-08 15:38


NVD link : CVE-2024-25566

Mitre link : CVE-2024-25566

CVE.ORG link : CVE-2024-25566


JSON object : View

Products Affected

forgerock

  • access_management
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')