The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.

The Identity Server used by 1E Platform could enable URL redirection to untrusted sites. Note: The Identity Server on 1E Platform has been updated with the necessary patch.