Description

The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.

Related CPE's

a

1e

platform

4

References

https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2024-2001/

Weaknesses

[email protected]

Primary
CWE-601

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-601

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

4.7 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2024-08-01T15:16:09.727Z

1 year ago

Last modified

2025-05-20T07:15:20.953Z

10 months ago