Security Bulletins

1E-2024-2001

1E platform URL redirection

Bulletin ID
1E-2024-2001
Veröffentlicht am
31.07.2024
Letztes Update
02.08.2024
Schweregrad
Moderat
CVSS
4.7 (Medium)
Zugewiesene CVE
CVE-2024-7211
Betroffene Produkte
1E Platform

1. Vulnerability Details

CVE-ID

Description

The 1E Platform’s component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users.

 

Note: 1E Platform’s component using the third-party Duende Identity Server has been updated with the patch that includes the fix.

CVSS3.1 Score

Base Score 4.7 (Medium)

CVSS3.1 Vector String

Problem type

2. Affected products and versions

Product Versions

1E Platform

24.7

1E Platform

23.11.1.15

1E Platform

23.7.1.80

1E Platform

8.4.1.229

Do you want to report a security issue?

TeamViewer’s security team will investigate every submission in our Vulnerability Disclosure Program.