CVE-2010-2337

Open redirect vulnerability in RSA Federated Identity Manager 4.0 before 4.0.25 and 4.1 before 4.1.26 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors.

CVSS v2.0 6.0 MEDIUM

6.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 6.8 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.vupen.com/english/advisories/2010/1880	Vendor Advisory
http://www.securityfocus.com/bid/41850
https://knowledge.rsasecurity.com/scolcms/set.aspx?id=8692
http://secunia.com/advisories/40704	Vendor Advisory
http://www.securitytracker.com/id?1024239
http://osvdb.org/66504
http://archives.neohapsis.com/archives/bugtraq/2010-07/0187.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/60564

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rsa:federated_identity_manager:4.0:::::::*
	cpe:2.3:a:rsa:federated_identity_manager:4.1:::::::*

Information

Published : 2010-07-28 05:48

Updated : 2017-08-16 18:32

NVD link : CVE-2010-2337

Mitre link : CVE-2010-2337

JSON object : View

CWE

CWE-20

Improper Input Validation

Advertisement

Products Affected

rsa

federated_identity_manager

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.vupen.com/english/advisories/2010/1880", "name": "ADV-2010-1880", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/bid/41850", "name": "41850", "tags": [], "refsource": "BID"}, {"url": "https://knowledge.rsasecurity.com/scolcms/set.aspx?id=8692", "name": "https://knowledge.rsasecurity.com/scolcms/set.aspx?id=8692", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/40704", "name": "40704", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securitytracker.com/id?1024239", "name": "1024239", "tags": [], "refsource": "SECTRACK"}, {"url": "http://osvdb.org/66504", "name": "66504", "tags": [], "refsource": "OSVDB"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2010-07/0187.html", "name": "20100721 ESA-2010-011: RSA, The Security Division of EMC, announces a fix for potential security vulnerability in RSAR Federated Identity Manager", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60564", "name": "rsa-redirection-weak-security(60564)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Open redirect vulnerability in RSA Federated Identity Manager 4.0 before 4.0.25 and 4.1 before 4.1.26 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-2337", "ASSIGNER": "secure@dell.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2010-07-28T12:48Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:rsa:federated_identity_manager:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsa:federated_identity_manager:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:32Z"}