CVE-2024-7211

Опубликовано: 01 авг. 2024

Источник: nvd

CVSS3: 4.7

CVSS3: 6.1

EPSS Низкий

Описание

The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users.

Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.

Ссылки

https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2024-2001/

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:1e:platform:8.4.1.229:*:*:*:*:*:*:*

cpe:2.3:a:1e:platform:23.7.1.80:*:*:*:*:*:*:*

cpe:2.3:a:1e:platform:23.11.1.15:*:*:*:*:*:*:*

cpe:2.3:a:1e:platform:24.7:*:*:*:*:*:*:*

EPSS

Процентиль: 29%

0.00104

Низкий

4.7 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-601

Связанные уязвимости

GHSA-62gh-q5g8-jv59

CVSS3: 4.7

github

больше 1 года назад

The Identity Server used by 1E Platform could enable URL redirection to untrusted sites. Note: The Identity Server on 1E Platform has been updated with the necessary patch.

EPSS

Процентиль: 29%

0.00104

Низкий

4.7 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-601