Lucene search

[email protected]CVE-2014-7294

HistoryJan 02, 2015 - 8:59 p.m.

CVE-2014-7294

2015-01-0220:59:01

[email protected]

web.nvd.nist.gov

cve-2014-7294

opensso integration

ex libris patron directory services

pds

vulnerability

phishing

nvd

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

64.8%

JSON

Open redirect vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.

Affected configurations

NVD

Node

nyuopensso_integrationRange≤2.1ex_libris_patron_directory_services

CPENameOperatorVersion
nyu:opensso_integrationnyu opensso integrationle2.1

CPE	Name	Operator	Version
nyu:opensso_integration	nyu opensso integration	le	2.1

References

packetstormsecurity.com/files/129756/Ex-Libris-Patron-Directory-Services-2.1-Open-Redirect.html

seclists.org/fulldisclosure/2014/Dec/127

tetraph.com/security/cves/cve-2014-7294-ex-libris-patron-directory-services-pds-open-redirect-security-vulnerability/

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

64.8%

JSON

Related for CVE-2014-7294

nvd1 packetstorm1 cvelist1 prion1