Unrated severityNVD Advisory· Published Apr 17, 2014· Updated May 6, 2026

CVE-2014-2880

Description

Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.

Affected products

Oracle Corporation/Identity Manager
cpe:2.3:a:oracle:identity_manager:11.1.2.1.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/125992/Oracle-Identity-Manager-11g-R2-SP1-Unvalidated-Redirect.htmlnvd
www.exploit-db.com/exploits/32670nvd
www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlnvd
www.osvdb.org/105384nvd
www.securityfocus.com/bid/66615nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.010
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000