Affected configuration(s):


Date published: 2014-04-17T10:55:12.357-04:00

Date last modified: 2014-10-17T03:12:06.430-04:00

CVSS Score: 5.8

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL:

Summary: Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware,,, and allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.

