Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Oracle Identity Manager 开放重定向漏洞
Vulnerability Description
Oracle Identity Manager是美国甲骨文(Oracle)公司的一套企业身份管理系统。该系统可跨整个身份管理生命周期(从访问权限的初始创建到动态调整,再到按业务需求进行的变更)管理用户对公司所有资源的访问权限。 Oracle Identity Manager 11g R2 SP1 (11.1.2.1.0)版本中存在开放重定向漏洞,该漏洞源于当执行changepwd操作时,identity/faces/firstlogin脚本没有充分过滤‘backUrl’参数。远程攻击者可借助特制的URL利
CVSS Information
N/A
Vulnerability Type
N/A