CVE-2011-2941

EPSS 0.22%
Published 26.02.2014 15:55:08
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

Open redirect vulnerability in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the initialURI parameter.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Jboss Enterprise Portal Platform Version <= 5.1.1

Redhat ≫ Jboss Enterprise Portal Platform Version4.3.0

Redhat ≫ Jboss Enterprise Portal Platform Version4.3.0 Updatecp03

Redhat ≫ Jboss Enterprise Portal Platform Version4.3.0 Updatecp04

Redhat ≫ Jboss Enterprise Portal Platform Version4.3.0 Updatecp05

Redhat ≫ Jboss Enterprise Portal Platform Version4.3.0 Updatecp06

Redhat ≫ Jboss Enterprise Portal Platform Version4.3.0 Updatecp07

Redhat ≫ Jboss Enterprise Portal Platform Version5.0.0

Redhat ≫ Jboss Enterprise Portal Platform Version5.0.1

Redhat ≫ Jboss Enterprise Portal Platform Version5.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.22%	0.421

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://rhn.redhat.com/errata/RHSA-2011-1822.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2011-2941

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-2941

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-2941

EUVD