Vulnerability Details : CVE-2010-2337
Open redirect vulnerability in RSA Federated Identity Manager 4.0 before 4.0.25 and 4.1 before 4.1.26 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors.
Vulnerability category: Open redirect, Input validation
Exploit prediction scoring system (EPSS) score for CVE-2010-2337
Probability of exploitation activity in the next 30 days: 0.60%
Percentile (the proportion of vulnerabilities scored at or below this one): ~76%
CVSS scores for CVE-2010-2337
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P | 6.8 | 6.4 | NIST
CWE ids for CVE-2010-2337
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2337
- https://knowledge.rsasecurity.com/scolcms/set.aspx?id=8692
- http://archives.neohapsis.com/archives/bugtraq/2010-07/0187.html
- http://www.securitytracker.com/id?1024239: RSA Federated Identity Manager URL Redirection Flaw Lets Remote Users Bypass Security Controls (SecurityTracker)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60564: RSA Federated Identity Manager redirection weak security, CVE-2010-2337 Vulnerability Report
- http://www.securityfocus.com/bid/41850: RSA Federated Identity Manager URI Redirection Vulnerability
- http://www.vupen.com/english/advisories/2010/1880 (Vendor Advisory)
Products affected by CVE-2010-2337
- cpe:2.3:a:rsa:federated_identity_manager:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:federated_identity_manager:4.1:*:*:*:*:*:*:*