Unrated severityNVD Advisory· Published Apr 17, 2014· Updated Jun 17, 2026
CVE-2014-2880
CVE-2014-2880
Description
Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:oracle:identity_manager:11.1.2.1.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:identity_manager:11.1.2.1.0:*:*:*:*:*:*:*
- (no CPE)range: 11.1.1.5, 11.1.1.7, 11.1.2.1, 11.1.2.2
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.