VYPR
Unrated severityNVD Advisory· Published Apr 17, 2014· Updated Jun 17, 2026

CVE-2014-2880

CVE-2014-2880

Description

Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:oracle:identity_manager:11.1.2.1.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:oracle:identity_manager:11.1.2.1.0:*:*:*:*:*:*:*
    • (no CPE)range: 11.1.1.5, 11.1.1.7, 11.1.2.1, 11.1.2.2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.