Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
The Duende Identity Server based component in 1E Platform may allow URL redirections to untrusted websites.
Vulnerability Description
The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
1E Platform 安全漏洞
Vulnerability Description
1E Platform是1E公司的一种终端端点管理和自动化解决方案。 1E Platform 23之前版本存在安全漏洞,该漏洞源于身份服务器可以启用URL重定向到不受信任的站点。
CVSS Information
N/A
Vulnerability Type
N/A