Security Bulletins

1E-2024-2001

1E platform URL redirection

Bulletin ID
1E-2024-2001
Issue Date
Jul 31, 2024
Last Update
Aug 2, 2024
Priority
Moderate
CVSS
4.7 (Medium)
Assigned CVE
CVE-2024-7211
Affected Products
1E Platform

1. Vulnerability Details

CVE-ID

CVE-2024-7211

Description

The 1E Platform’s component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users.

 

Note: 1E Platform’s component using the third-party Duende Identity Server has been updated with the patch that includes the fix.

CVSS3.1 Score

Base Score 4.7 (Medium)

CVSS3.1 Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Problem type

CWE 601: URL redirection to untrusted site (‘open redirect’)

2. Affected products and versions

Product
Versions

1E Platform

24.7

1E Platform

23.11.1.15

1E Platform

23.7.1.80

1E Platform

8.4.1.229

Do you want to report a security issue?

TeamViewer’s security team will investigate every submission in our Vulnerability Disclosure Program.