CVSS: 10.0 | EPSS: 0% | CPEs: 6 | EXPL: 0

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported versions that are affected are 11.1.1.7, 11.1.2.3 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager.

• http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-4016513.html
• http://www.securityfocus.com/bid/101619
• http://www.securitytracker.com/id/1039690

CVSS: 5.8 | EPSS: 2% | CPEs: 1 | EXPL: 2

Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.

• https://www.exploit-db.com/exploits/32670
• http://packetstormsecurity.com/files/125992/Oracle-Identity-Manager-11g-R2-SP1-Unvalidated-Redirect.html
• http://www.exploit-db.com/exploits/32670
• http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
• http://www.osvdb.org/105384
• http://www.securityfocus.com/bid/66615

• CWE-20: Improper Input Validation