CVE-2011-2941

CWE-20 — Improper Input Validation5 documents5 sources

Severity

5.8MEDIUM

EPSS

0.2%

top 54.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Portal Platform

Timeline

PublishedFeb 26

Latest updateMay 17

Description

Open redirect vulnerability in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the initialURI parameter.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

▶NVDredhat/jboss_enterprise_portal_platform5.1.1+4

🔴Vulnerability Details

GHSA

GHSA-5f7q-2xrc-wxhx: Open redirect vulnerability in Red Hat JBoss Enterprise Portal Platform before 5↗2022-05-17

▶

CVEList

CVE-2011-2941: Open redirect vulnerability in Red Hat JBoss Enterprise Portal Platform before 5↗2014-02-26

▶

📋Vendor Advisories

Red Hat

Platform: open URL redirect↗2011-12-14

▶

💬Community

Bugzilla

CVE-2011-2941 JBoss Enterprise Portal Platform: open URL redirect↗2011-08-22

▶