CVE-2024-7211

Summary

The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users.

Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.

Affected Software

VendorProductVersion RangeStatus
1E1E Platform24.7affected
1E1E Platform23.11.1.15affected
1E1E Platform23.7.1.80affected
1E1E Platform8.4.1.229affected

Weaknesses

  • URL Redirection to Untrusted Site ('Open Redirect')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References