CVE-2024-25566
Severity CVSS v4.0:
MEDIUM
Type:
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
Publication date:
29/10/2024
Last modified:
08/11/2024
Description
An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks
Impact
Base Score 4.0
5.10
Severity 4.0
MEDIUM
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:* | 7.0.2 (including) | |
| cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:* | 7.1.0 (including) | 7.1.4 (including) |
| cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:* | 7.2.0 (including) | 7.2.2 (including) |
| cpe:2.3:a:forgerock:access_management:7.3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:forgerock:access_management:7.3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:forgerock:access_management:7.4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:forgerock:access_management:7.4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:forgerock:access_management:7.5.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page